14712b4b8359f75ff22425058919a5983443dc59
max
  Mon Dec 15 13:07:53 2025 -0800
documenting captcha exceptions, no redmine, email from Hiram

diff --git src/hg/htdocs/goldenPath/help/mirrorManual.html src/hg/htdocs/goldenPath/help/mirrorManual.html
index f2ba721e539..32ff3460c0c 100755
--- src/hg/htdocs/goldenPath/help/mirrorManual.html
+++ src/hg/htdocs/goldenPath/help/mirrorManual.html
@@ -2696,17 +2696,34 @@
 Go to Cloudflare.com, make an account, login, go to Application Security >
 Turnstile, click "Add Widget", make sure that you enter your publicly visible
 hostname of your web server. Copy the API site key and secret and put it into
 your cgi-bin/hg.conf file:
 </p>
 
 <pre><code># Turns on cloudflare turnstile captcha
 cloudFlareSiteKey=0x4xxxxxxxxxxxxxxx
 cloudFlareSecretKey=0x4xxxxxxxxxxxxx</code></pre>
 
 <p>
 Not need to restart Apache, at the next access to the browser, a one-click captcha will come up.
 The captcha comes up only a single time, once a unique cookie is set, it will never come up again.
 </p>
 
+<p>
+If you do not want to show the captcha for certain user agents:
+</p>
+
+<pre><code>noCaptchaAgent.1=^myUserAgent$
+noCaptchaAgent.2=^AnotherUserAgentRegex</code></pre>
+
+<p>
+Create as many as you want, they will be checked in order, as long as there is a number after the dot.
+</p>
+
+<p>
+If you want to exclude certain IP addresses from the captcha:
+</p>
+
+<pre><code>bottleneck.except=129.101.222.32 0a0a:ffff:136:1::20 10.80.10.10</code></pre>
+
 
 <!--#include virtual="$ROOT/inc/gbPageEnd.html" -->