id	summary	reporter	owner	description	type	status	priority	milestone	version	resolution	keywords	cc
1926	GET requests on target URLs of POST forms should be refused	pitrou		"At python.org we started having log entries like the following:

{{{
X.Y.Z.W - - [11/Apr/2011:11:44:10 +0200] ""GET /dev/buildbot/all/builders/x86%20debian%20parallel%203.x/builds/1940/rebuild HTTP/1.1"" 302 278 ""http://www.python.org/dev/buildbot/all/builders/x86 debian parallel 3.x/builds/1940"" ""WebReaper [support@webreaper.net]""
}}}

This triggered lots of spurious rebuilds. Since the ""rebuild"" form normally uses the POST method, it means the above bot/crawler is ill-behaved. Refusing GET requests on the rebuild URL (and other ones) would easily defend against such crawlers, and prevent rebuilds from polluting the build history.
"	enhancement	new	minor	0.9.0	0.8.3		web	

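An added example, not part of the ticket and not Buildbot's own code: one way to refuse non-POST requests on form-target URLs with `405 Method Not Allowed`, plus a log check that finds requests like the one quoted above. The function names, the `stop` and `force` action names, and every sample log line except the first are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: last path segments that are POST form targets. "rebuild" is the
# one named in the ticket; "stop" and "force" are illustrative.
POST_ONLY_ACTIONS = {"rebuild", "stop", "force"}

# Apache combined log format, as in the ticket's log entry.
LOG_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def is_post_only(path):
    """True when the last path segment is a state-changing action."""
    segment = unquote(path.split("?", 1)[0]).rstrip("/").rsplit("/", 1)[-1]
    return segment in POST_ONLY_ACTIONS

def enforce_method(method, path):
    """Return (status, headers) to refuse with, or None to handle normally."""
    if is_post_only(path) and method != "POST":
        return 405, {"Allow": "POST"}  # 405 Method Not Allowed
    return None

def find_triggering_gets(lines):
    """Yield (timestamp, path, agent) for non-POST requests to action URLs
    that the server did not refuse (status below 400)."""
    for line in lines:
        m = LOG_RE.search(line)
        if (m and m["method"] != "POST" and is_post_only(m["path"])
                and int(m["status"]) < 400):
            yield m["ts"], m["path"], m["agent"]

BUILD = "/dev/buildbot/all/builders/x86%20debian%20parallel%203.x/builds/1940"
# First line is modelled on the ticket's entry (referer shortened to "-");
# the other three are constructed.
SAMPLE_LOG = [
    f'X.Y.Z.W - - [11/Apr/2011:11:44:10 +0200] "GET {BUILD}/rebuild HTTP/1.1" '
    '302 278 "-" "WebReaper [support@webreaper.net]"',
    f'192.0.2.10 - - [11/Apr/2011:12:01:02 +0200] "POST {BUILD}/rebuild '
    'HTTP/1.1" 302 278 "-" "ExampleBrowser/1.0"',
    f'192.0.2.11 - - [11/Apr/2011:12:03:40 +0200] "GET {BUILD} HTTP/1.1" '
    '200 5120 "-" "ExampleBrowser/1.0"',
    f'192.0.2.12 - - [11/Apr/2011:12:05:09 +0200] "GET {BUILD}/rebuild '
    'HTTP/1.1" 405 0 "-" "ExampleCrawler/1.0"',
]

if __name__ == "__main__":
    for ts, path, agent in find_triggering_gets(SAMPLE_LOG):
        print(ts, agent, path)
```

Only the first sample line is reported: the POST is a legitimate form submission, the plain build page is not an action URL, and the last GET was already refused with 405.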