Version 1.5.0 - Add custom header and text settings for access-denial display

Version 1.5.0 (Mar 4, 2026)
* Add custom header and text settings for access-denial display

Author: WikiMANNia

README.md

@@ -44,3 +44,7 @@ intensive.
 1.4.0 (Feb 19, 2026)
 
 * Add configurable action protection with $wgCrawlerProtectedActions
+
+1.5.0 (Mar 4, 2026)
+
+* Add custom header and text settings for access-denial display

extension.json

@@ -1,7 +1,7 @@
 {
 	"name": "CrawlerProtection",
 	"author": "MyWikis LLC",
-	"version": "1.4.0",
+	"version": "1.5.0",
 	"description": "Suite of protective measures to protect wikis from crawlers.",
 	"type": "hook",
 	"requires": {
@@ -35,6 +35,12 @@
 		},
 		"CrawlerProtectionUse418": {
 			"value": false
+		},
+		"CrawlerProtectionDenialHeader": {
+			"value": null
+		},
+		"CrawlerProtectionDenialText": {
+			"value": null
 		}
 	},
 	"license-name": "MIT",

includes/Hooks.php

@@ -72,7 +72,13 @@ public function onMediaWikiPerformAction(
 
 		$config = MediaWikiServices::getInstance()->getMainConfig();
 		$protectedActions = $config->get( 'CrawlerProtectedActions' );
-		$denyFast = $config->get( 'CrawlerProtectionUse418' );
+		$customDenialHeader = $config->get( 'CrawlerProtectionDenialHeader' );
+		$customDenialText = $config->get( 'CrawlerProtectionDenialText' );
+		$use418 = $config->get( 'CrawlerProtectionUse418' );
+		if ( empty( $customDenialHeader ) && empty( $customDenialText ) && $use418 ) {
+			$customDenialHeader = 'HTTP/1.0 I\'m a teapot';
+			$customDenialText = 'I\'m a teapot';
+		}
 
 		if (
 			!$user->isRegistered()
@@ -83,8 +89,8 @@ public function onMediaWikiPerformAction(
 				|| $oldId > 0
 			)
 		) {
-			if ( $denyFast ) {
-				$this->denyAccessWith418();
+			if ( !empty( $customDenialHeader ) && !empty( $customDenialText ) ) {
+				$this->denyAccessCustom( $customDenialHeader, $customDenialText );
 			}
 			$this->denyAccess( $output );
 			return false;
@@ -110,7 +116,13 @@ public function onSpecialPageBeforeExecute( $special, $subPage ) {
 
 		$config = MediaWikiServices::getInstance()->getMainConfig();
 		$protectedSpecialPages = $config->get( 'CrawlerProtectedSpecialPages' );
-		$denyFast = $config->get( 'CrawlerProtectionUse418' );
+		$customDenialHeader = $config->get( 'CrawlerProtectionDenialHeader' );
+		$customDenialText = $config->get( 'CrawlerProtectionDenialText' );
+		$use418 = $config->get( 'CrawlerProtectionUse418' );
+		if ( empty( $customDenialHeader ) && empty( $customDenialText ) && $use418 ) {
+			$customDenialHeader = 'HTTP/1.0 I\'m a teapot';
+			$customDenialText = 'I\'m a teapot';
+		}
 
 		// Normalize protected special pages: lowercase and strip 'Special:' prefix
 		$normalizedProtectedPages = array_map(
@@ -122,8 +134,8 @@ public function onSpecialPageBeforeExecute( $special, $subPage ) {
 
 		$name = strtolower( $special->getName() );
 		if ( in_array( $name, $normalizedProtectedPages, true ) ) {
-			if ( $denyFast ) {
-				$this->denyAccessWith418();
+			if ( !empty( $customDenialHeader ) && !empty( $customDenialText ) ) {
+				$this->denyAccessCustom( $customDenialHeader, $customDenialText );
 			}
 			$out = $special->getContext()->getOutput();
 			$this->denyAccess( $out );
@@ -134,8 +146,8 @@ public function onSpecialPageBeforeExecute( $special, $subPage ) {
 		$request = $special->getContext()->getRequest();
 		$oldId = (int)$request->getVal( 'oldid' );
 		if ( $oldId > 0 ) {
-			if ( $denyFast ) {
-				$this->denyAccessWith418();
+			if ( !empty( $customDenialHeader ) && !empty( $customDenialText ) ) {
+				$this->denyAccessCustom( $customDenialHeader, $customDenialText );
 			}
 			$out = $special->getContext()->getOutput();
 			$this->denyAccess( $out );
@@ -146,14 +158,14 @@ public function onSpecialPageBeforeExecute( $special, $subPage ) {
 	}
 
 	/**
-	 * Helper: output 418 Teapot and halt the processing immediately
+	 * Display custom text for the "access denied" message, to avoid unnecessarily taxing resources.
 	 *
 	 * @return void
 	 * @suppress PhanPluginNeverReturnMethod
 	 */
-	protected function denyAccessWith418() {
-		header( 'HTTP/1.0 I\'m a teapot' );
-		die( 'I\'m a teapot' );
+	protected function denyAccessCustom( $customDenialHeader, $customDenialText ) {
+		header( $customDenialHeader );
+		die( htmlspecialchars( $customDenialText ) );
 	}
 
 	/**

tests/phpunit/unit/HooksTest.php

@@ -429,7 +429,7 @@ public function testSpecialPageBlocksAnonymous( $specialPageName ) {
 		$special->method( 'getContext' )->willReturn( $context );
 
 		$runner = $this->getMockBuilder( Hooks::class )
-			->onlyMethods( [ 'denyAccess', 'denyAccessWith418' ] )
+			->onlyMethods( [ 'denyAccess', 'denyAccessCustom' ] )
 			->getMock();
 		$runner->expects( $this->once() )->method( 'denyAccess' )->with( $output );
 
@@ -543,9 +543,9 @@ public function getOutput() {
 
 	/**
 	 * @covers ::onSpecialPageBeforeExecute
-	 * @covers ::denyAccessWith418
+	 * @covers ::denyAccessCustom
 	 */
-	public function testSpecialPageCallsDenyAccessWith418WhenConfigured() {
+	public function testSpecialPageCallsDenyAccessCustomWhenConfigured() {
 		// This test only works with our test stubs, not in MediaWiki's PHPUnit environment
 		if ( !property_exists( '\MediaWiki\MediaWikiServices', 'testUse418' ) ) {
 			$this->markTestSkipped(
@@ -568,10 +568,10 @@ public function testSpecialPageCallsDenyAccessWith418WhenConfigured() {
 		$special->method( 'getContext' )->willReturn( $context );
 
 		$runner = $this->getMockBuilder( Hooks::class )
-			->onlyMethods( [ 'denyAccessWith418' ] )
+			->onlyMethods( [ 'denyAccessCustom' ] )
 			->getMock();
-		// When denyFast is true, only denyAccessWith418 is called (it dies before denyAccess)
-		$runner->expects( $this->once() )->method( 'denyAccessWith418' );
+		// When $testUse418 is true, only denyAccessCustom is called (it dies before denyAccess)
+		$runner->expects( $this->once() )->method( 'denyAccessCustom' );
 
 		$result = $runner->onSpecialPageBeforeExecute( $special, null );
 		$this->assertFalse( $result );