[Ohrrpgce] Dreamhost has a small chance to block wiki CSS and JS

James Paige Bob at hamsterrepublic.com
Sun Oct 20 06:11:33 PDT 2019


Ah, thank you for documenting this!

I had missed this mail when you first sent it because it went into my spam
folder.

Mediawiki is arguably the most important thing on hamsterrepublic.com other
than the storage space for binaries... If I was ever able to find a good
dedicated Mediawiki hosting service that specialized only in mediawiki, I
would consider switching our wiki there, even if it cost something to do.

---
James Paige




On Sun, Sep 29, 2019 at 3:33 AM Ralph Versteegen <teeemcee at gmail.com> wrote:

> This is an unimportant issue which doesn't require any action, I'm just
> documenting it here
>
> Bird was complaining that the wiki wasn't working properly, not using his
> CSS or allowing him to access it. I had a look at the server error log and
> found the problem, messages like:
>
> [Sat Sep 28 03:35:42.980592 2019] [:error] [pid 16557] [client
> 84.58.92.235:43630] [client 84.58.92.235] ModSecurity: Access denied with
> code 418 (phase 1). Pattern match
> "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:version.
> [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line
> "329"] [id "1990091"] [msg "SQL Hex Encoding Identified"] [hostname "
> rpg.hamsterrepublic.com"] [uri "/ohrrpgce/load.php"] [unique_id
> "XY83fv7zUpTIIXoI32ZlKQAAAAY"], referer:
> http://rpg.hamsterrepublic.com/ohrrpgce/index.php?title=User:TMC/vector.css&curid=8025&diff=33162&oldid=33121
>
> What's going on is that Dreamhost's mod_sec2 is blocking attempts to
> download Bird's CSS file because the request, which looks similar to
>
> https://rpg.hamsterrepublic.com/ohrrpgce/load.php?debug=false&lang=en&modules=user.styles&only=styles&skin=metrolook&user=TMC&version=00aljk2
> has a 'version' arg which looks like a hex code. E.g. if the version code
> were 0xaf5jk2 (0x followed by at least 3 hex characters) then it will be
> blocked. I estimate that the chance of being blocked is roughly 1/330
> assuming the first character is always 0 (but sometimes it's a 1). That's
> rather high! So
> This blocking is done by the Dreamhost server and there is apparently no
> way to modify this rule (which I see described online as "very frequent
> false positives") except to disable protection completely. I don't think we
> should do that. Mediawiki only seems to add a 'version' arg for custom user
> or site CSS and JS, and the version code only changes when the
> corresponding page is edited. So we may see this problem again in future,
> but the solution is just to touch the page.
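An added example, not part of either mail and not Dreamhost's or MediaWiki's code: a check that applies the logged rule pattern to the `version` argument of load.php URLs, so version codes that would be denied can be spotted before users report missing CSS or JS. The pattern is copied from the log entry with its backslash escaping undone (an assumption about how the log doubles backslashes); the function names and all sample version codes except `00aljk2` and `0xaf5jk2` are made up for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pattern from the ModSecurity log entry (rule id 1990091), with the log's
# backslash escaping undone: assumes each "\\\\" in the log is one backslash.
SQL_HEX_RULE = re.compile(r"(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+")


def rule_match(value):
    """Return the substring the rule matches in value, or None."""
    # A regex "Pattern match" is a search anywhere in the value, not a full match.
    m = SQL_HEX_RULE.search(value)
    return m.group(0) if m else None


def blocked_version(url):
    """Return the offending 'version' value of a load.php URL, or None.

    The log shows the rule firing on ARGS:version, so only that argument
    is checked here. parse_qs URL-decodes the value first.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in query.get("version", []):
        if rule_match(value) is not None:
            return value
    return None


def audit(urls):
    """Map each URL that would be denied to its 'version' value."""
    return {u: v for u in urls if (v := blocked_version(u)) is not None}


# Constructed sample requests. The first is the URL quoted in the mail; the
# others reuse its shape with other version codes (hypothetical values).
BASE = ("https://rpg.hamsterrepublic.com/ohrrpgce/load.php?debug=false&lang=en"
        "&modules=user.styles&only=styles&skin=metrolook&user=TMC&version=")
SAMPLES = [BASE + v for v in
           ("00aljk2", "0xaf5jk2", "0xabzz9", "10xabcd", "k0Xfff1", "0xagh12")]

if __name__ == "__main__":
    for version in audit(SAMPLES).values():
        print("would be denied:", version)
```

Only `0xaf5jk2` and `k0Xfff1` trip the rule here: the match is case-insensitive and needs at least three hex characters after `0x`, and a digit directly before `0x` (as in `10xabcd`) prevents it.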