Reduce server load by redirecting to cacheable static page

Interesting point. At first, I was going to suggest simply making the path configurable, then you could just set it to whatever you wanted, but the point about the POST requests being uncachable is a good one.

Is there a way we can build this in to the module so it does not require any web server configuration to redirect the POST request to a GET?

I'm not following then. Your patch adds another Drupal controller. That would do the some invoking for Drupal as what I am suggesting. If you truly want to avoid Drupal all together, why not just add a static HTML file and use htaccess to redirect to it on any request to /antibot?

Yes, static HTML is also possible but in this case you will need to implement header and footer yourself.

antibot-static will be cached by Varnish, so Drupal will be invoked just once.

There is nothing preventing you from requesting /antibot via a GET request. If you need to tinker with htaccess to hijack requests, why not just redirect any POST requests to /antibot to a GET request on /antibot. There's no difference between that page and the one your patch adds. Maybe I'm missing something?

> There is nothing preventing you from requesting /antibot via a GET request...
Each form has hidden input fields with unique values: form_id, form_token, form_build_id. Also bots send unique data. Yes, we can use GET request but all these requests will be handled by Drupal because of theirs uniqueness. These requests will be cached by reverse proxy AFTER they are processed by Drupal. We have tons of such requests and want to decrease load on the servers by caching them by Varnish. We can't change Varnish configuration due to complex infrastructure on the cloud hosting, so this trick with htaccess has been invented.
With this solution Antibot module will be able not only protect forms but also reduce load on the servers.

I understand the issue and agree there should be something in this module to address it. I do not like the current patch for a few reasons:

1. It doesn't actually provide anything functionally. You still need server configuration to do anything with it.
2. The added route is identical to the current one. I still don't quite understand why you cannot just redirect the user to that route instead while doing the same manipulation of the request to make it a GET without any data.
3. This route could easily be added in a custom module. In fact, since you're manually configuring your server, you might as well just direct it to any page or content on your site.
4. If we end up with a solution that does require server configuring, the patch should contain some documentation about it so others can make use of it.

I would like to brainstorm a solution for this which does not require any server configuring. I would think there's a way we can do it - even though it may not be completely as performant as using something like htaccess. Maybe there isn't though..

Okay, I understand.

If this cannot be entirely solved in Drupal, then I don't think committing this makes much sense. You could very simply add a route to a custom module - or even use an existing page on your site, since you have control over the redirect path via htaccess. I would think not relying on this Antibot page is even better so you have full control over the wording/content. The route in antibot does nothing special or specific to meet your needs. It just outputs a generic message.

Please reopen this ticket if there's some way we can even marginally improve performance through this module.

Updated this patch to make it compatible with Drupal 10.5.10