ad3fa90ca874db73ed3e9109d468ef3cd5db9797
max
  Mon Dec 15 11:09:30 2025 -0800
documenting the cloudflare captcha, no redmine, email from Hiram

diff --git src/product/mirrorManual.txt src/product/mirrorManual.txt
index 094dbffe06b..3b3701b4ee7 100644
--- src/product/mirrorManual.txt
+++ src/product/mirrorManual.txt
@@ -1973,15 +1973,30 @@
        SSILegacyExprParser on
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride None
        Require all granted
     </Directory>
     AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript application/x-javascript application/json application/javascript
     SSLEngine on
     SSLProtocol all -SSLv2 -SSLv3
     SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
     SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
     SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
     SSLCertificateChainFile /etc/httpd/conf/ssl.crt/chain.crt
     Header set Access-Control-Allow-Origin "*" 
     Header set Access-Control-Allow-Headers "Range" 
     </VirtualHost>
+
+# Set up the Cloudflare captcha
+
+Go to Cloudflare.com, make an account, login, go to Application Security >
+Turnstile, click "Add Widget", make sure that you enter your publicly visible
+hostname of your web server. Copy the API site key and secret and put it into
+your cgi-bin/hg.conf file:
+
+    # Turns on cloudflare turnstile captcha
+    cloudFlareSiteKey=0x4xxxxxxxxxxxxxxx
+    cloudFlareSecretKey=0x4xxxxxxxxxxxxx
+
+Not need to restart Apache, at the next access to the browser, a one-click captcha will come up.
+The captcha comes up only a single time, once a unique cookie is set, it will never come up again.
+