Version 1.2.0

1.2.0 (Aug 13, 2025)
* Fix 403 handling and add login links to prevent nginx 404 fallthrough

Author: WikiMANNia

README.md

@@ -30,3 +30,7 @@ intensive.
 
 * add: ProtectionUse418
 * 1.43 compatibility
+
+1.2.0 (Aug 13, 2025)
+
+* Fix 403 handling and add login links to prevent nginx 404 fallthrough

extension.json

@@ -1,7 +1,7 @@
 {
 	"name": "CrawlerProtection",
 	"author": "MyWikis LLC",
-	"version": "1.1.0",
+	"version": "1.2.0",
 	"description": "Suite of protective measures to protect wikis from crawlers.",
 	"type": "hook",
 	"requires": {

i18n/de.json

@@ -3,5 +3,5 @@
 		"authors": [ "MyWikis LLC" ]
 	},
 	"crawlerprotection-accessdenied-title": "Zugriff verweigert",
-	"crawlerprotection-accessdenied-text": "Anmeldung erforderlich, um diese Aktion auzuführen oder Spezialseite anzusehen."
+	"crawlerprotection-accessdenied-text": "Anmeldung erforderlich, um diese Aktion auzuführen oder Spezialseite anzusehen. Bitte [[Special:UserLogin|melden Sie sich an]], um fortzufahren."
 }

i18n/en.json

@@ -3,5 +3,5 @@
 		"authors": [ "MyWikis LLC" ]
 	},
 	"crawlerprotection-accessdenied-title": "Access denied",
-	"crawlerprotection-accessdenied-text": "You must be logged in to perform this action or view this special page."
+	"crawlerprotection-accessdenied-text": "You must be logged in to perform this action or view this special page. Please [[Special:UserLogin|log in]] to continue."
 }

includes/Hooks.php

@@ -70,6 +70,10 @@ public function onMediaWikiPerformAction(
 		$diffId = (int)$request->getVal( 'diff' );
 		$oldId  = (int)$request->getVal( 'oldid' );
 
+		$config = MediaWikiServices::getInstance()->getMainConfig();
+		$protectedActions = $config->get( 'CrawlerProtectedActions' );
+		$denyFast = $config->get( 'CrawlerProtectionUse418' );
+
 		if (
 			!$user->isRegistered()
 			&& (
@@ -79,6 +83,9 @@ public function onMediaWikiPerformAction(
 				|| $oldId > 0
 			)
 		) {
+			if ( $denyFast ) {
+				$this->denyAccessWith418();
+			}
 			$this->denyAccess( $output );
 			return false;
 		}
@@ -114,10 +121,10 @@ public function onSpecialPageBeforeExecute( $special, $subPage ) {
 
 		$name = strtolower( $special->getName() );
 		if ( in_array( $name, $normalizedProtectedPages, true ) ) {
-			$out = $special->getContext()->getOutput();
 			if ( $denyFast ) {
 				$this->denyAccessWith418();
 			}
+			$out = $special->getContext()->getOutput();
 			$this->denyAccess( $out );
 			return false;
 		}
@@ -143,14 +150,17 @@ protected function denyAccessWith418() {
 	 * @return void
 	 */
 	protected function denyAccess( $output ): void {
+		$output->clearHTML();
 		$output->setStatusCode( 403 );
-		$output->addWikiTextAsInterface( wfMessage( 'crawlerprotection-accessdenied-text' )->plain() );
 
 		if ( version_compare( MW_VERSION, '1.41', '<' ) ) {
 			$output->setPageTitle( wfMessage( 'crawlerprotection-accessdenied-title' ) );
 		} else {
 			// @phan-suppress-next-line PhanUndeclaredMethod Exists in 1.41+
 			$output->setPageTitleMsg( wfMessage( 'crawlerprotection-accessdenied-title' ) );
 		}
+
+		$output->addWikiTextAsInterface( wfMessage( 'crawlerprotection-accessdenied-text' )->plain() );
+		$output->returnToMain();
 	}
 }

tests/phpunit/unit/HooksTest.php

@@ -333,6 +333,23 @@ public function testSpecialPageCallsDenyAccessWith418WhenConfigured() {
 		$this->assertFalse( $result );
 	}
 
+	/**
+	 * @covers ::denyAccess
+	 */
+	public function testDenyAccessSetsCorrectStatusAndContent() {
+		$output = $this->createMock( self::$outputPageClassName );
+		$output->expects( $this->once() )->method( 'clearHTML' );
+		$output->expects( $this->once() )->method( 'setStatusCode' )->with( 403 );
+		$output->expects( $this->once() )->method( 'addWikiTextAsInterface' );
+		$output->expects( $this->once() )->method( 'returnToMain' );
+
+		$hooks = new Hooks();
+		$reflection = new \ReflectionClass( $hooks );
+		$method = $reflection->getMethod( 'denyAccess' );
+		$method->setAccessible( true );
+		$method->invoke( $hooks, $output );
+	}
+
 	/**
 	 * Data provider for blocked special pages.
 	 *