Btcpayserver: Feature request- Robots Meta Tag and/or robots.txt

Created on 10 Nov 2018 · 2Comments · Source: btcpayserver/btcpayserver

For security purposes, it would seem like a good idea to give the user the option to not have the web interface indexed by search engines, either through meta tagging or a robots.txt. Since the recommended install is one-click via Docker, it's not easy to have the user add a robots.txt to his btcpay subdomain himself manually.

Closing Enhancement Feature Request good first issue

Source

JeffVandrewJr

👍1

Most helpful comment

That is definitely a valid and interesting question. Ultimately though, I don't see any downside, as I can't imagine someone deciding not to implement a security practice (2FA or otherwise) based upon the security of not being indexed by major search engines. I could be wrong.

Beyond security concerns, as someone who uses BTCPay for billing in a professional practice, I would prefer that potential clients not stumble across a subdomain intended to be internal when googling us. It might seem a little weird to non-technical people.

That said, it's certainly not a huge deal or a critical issue. Just a feature I thought I'd mention if easy to implement.

JeffVandrewJr on 11 Dec 2018

👍3

All 2 comments

I think this is a good idea. A potential attacker could easily copy text from btcpay front page and find all hosts. I'm sure if a user wanted to exploit it can do it anyway through search engines who don't honor noindex tag.

So the question is will this give a false sense of security or really prevent attackers?