src/hg/htdocs/goldenPath/help/mirrorManual.html ad3fa90ca874db73ed3e9109d468ef3cd5db9797

ad3fa90ca874db73ed3e9109d468ef3cd5db9797
max
  Mon Dec 15 11:09:30 2025 -0800
documenting the cloudflare captcha, no redmine, email from Hiram

diff --git src/hg/htdocs/goldenPath/help/mirrorManual.html src/hg/htdocs/goldenPath/help/mirrorManual.html
index caba5516201..f2ba721e539 100755
--- src/hg/htdocs/goldenPath/help/mirrorManual.html
+++ src/hg/htdocs/goldenPath/help/mirrorManual.html
@@ -23,30 +23,31 @@
 <h6><a href='#adding-your-own-track-groups-to-the-browser'>Adding your own track groups to the browser</a></h6>
 <h6><a href='#adding-your-own-tracks-to-the-browser'>Adding your own tracks to the browser</a></h6>
 <h6><a href='#adding-a-new-custom-non-ucsc-genome-to-the-browser'>Adding a new, custom (non-UCSC) genome to the browser</a></h6>
 <h6><a href='#modifying-the-source-code'>Modifying the source code</a></h6>
 <h6><a href='#custom-track-database'>Custom Track Database</a></h6>
 <h6><a href='#debugging-the-cgi-binaries'>Debugging the CGI binaries</a></h6>
 <h6><a href='#notes-on-security'>Notes on security</a></h6>
 <h6><a href='#proxy-support'>Proxy support</a></h6>
 <h6><a href='#support-for-cloud-urls'>Support for cloud URLs</a></h6>
 <h6><a href='#the-udc-local-cache-directory'>The UDC local cache directory</a></h6>
 <h6><a href='#activating-cram-support-for-the-genome-browser'>Activating CRAM support for the Genome Browser.</a></h6>
 <h6><a href='#using-freetype-font-support-for-anti-aliased-text'>Using FreeType font support for anti-aliased text</a></h6>
 <h6><a href='#building-the-kent-source-tree'>Building the kent source tree.</a></h6>
 <h6><a href='#adding-a-track-hub-to-your-hubpublic-table-so-it-appears-under-my-data-gt-track-hubs'>Adding a track hub to your hubPublic table so it appears under My Data &gt; Track Hubs</a></h6>
 <h6><a href='#make-the-api-work-in-the-same-way-as-on-the-public-website'>Make the API work in the same way as on the public website</a></h6>
+<h6><a href='#set-up-the-cloudflare-captcha'>Set up the Cloudflare captcha</a></h6>
 <a name='overview-of-the-genome-browser-directories-and-databases'></a>
 <h2>Overview of the Genome Browser directories and databases</h2>
 
 <p>
 The genome browser requires only Apache and MariaDB and uses these directories:
 </p>
 
 <ul>
 <li>static html files: we typically keep them under /usr/local/apache/htdocs and
 configure Apache to load them from there, to avoid conflicts with the
 distribution of the Linux default location /var/www/html</li>
 <li>MariaDB databases: most of them are read-only, except the <code>hgcentral</code> database
 which is read-write. Most linux distributions keep these under /var/lib/mysql.
 (It is possible to get the genome browser to work with MySQL after version 8,
 but we do highly discourage it, as our download procedures use MyISAM .frm
@@ -2676,17 +2677,36 @@
    Options Indexes FollowSymLinks MultiViews Includes
    AllowOverride None
    Require all granted
 &lt;/Directory&gt;
 AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript application/x-javascript application/json application/javascript
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
 SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
 SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
 SSLCertificateChainFile /etc/httpd/conf/ssl.crt/chain.crt
 Header set Access-Control-Allow-Origin &quot;*&quot; 
 Header set Access-Control-Allow-Headers &quot;Range&quot; 
 &lt;/VirtualHost&gt;</code></pre>
 
+<a name='set-up-the-cloudflare-captcha'></a>
+<h2>Set up the Cloudflare captcha</h2>
+
+<p>
+Go to Cloudflare.com, make an account, login, go to Application Security &gt;
+Turnstile, click &quot;Add Widget&quot;, make sure that you enter your publicly visible
+hostname of your web server. Copy the API site key and secret and put it into
+your cgi-bin/hg.conf file:
+</p>
+
+<pre><code># Turns on cloudflare turnstile captcha
+cloudFlareSiteKey=0x4xxxxxxxxxxxxxxx
+cloudFlareSecretKey=0x4xxxxxxxxxxxxx</code></pre>
+
+<p>
+Not need to restart Apache, at the next access to the browser, a one-click captcha will come up.
+The captcha comes up only a single time, once a unique cookie is set, it will never come up again.
+</p>
+
 
 <!--#include virtual="$ROOT/inc/gbPageEnd.html" -->