[Ohrrpgce] Dreamhost has a small chance to block wiki CSS and JS

Ralph Versteegen teeemcee at gmail.com
Sun Oct 20 18:53:16 PDT 2019

On Mon, 21 Oct 2019 at 02:11, James Paige <Bob at hamsterrepublic.com> wrote:

> Ah, thank you for documenting this!
> I had missed this mail when you first sent it because it went into my spam
> folder.

These spam blockers are conspiring with each other to create a world in
which they can not be questioned!

> Mediawiki is arguably the most important thing on hamsterrepublic.com
> other than the storage space for binaries... If I was ever able to find a
> good dedicated Mediawiki hosting service that specialized only in
> mediawiki, I would consider switching our wiki there, even if it cost
> something to do.
> ---
> James Paige
> On Sun, Sep 29, 2019 at 3:33 AM Ralph Versteegen <teeemcee at gmail.com>
> wrote:
>> This is an unimportant issue which doesn't require any action; I'm just
>> documenting it here.
>> Bird was complaining that the wiki wasn't working properly, not using his
>> CSS or allowing him to access it. I had a look at the server error log and
>> found the problem, messages like:
>> [Sat Sep 28 03:35:42.980592 2019] [:error] [pid 16557] [client
>>] [client] ModSecurity: Access denied
>> with code 418 (phase 1). Pattern match
>> "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:version.
>> [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line
>> "329"] [id "1990091"] [msg "SQL Hex Encoding Identified"] [hostname "
>> rpg.hamsterrepublic.com"] [uri "/ohrrpgce/load.php"] [unique_id
>> "XY83fv7zUpTIIXoI32ZlKQAAAAY"], referer:
>> http://rpg.hamsterrepublic.com/ohrrpgce/index.php?title=User:TMC/vector.css&curid=8025&diff=33162&oldid=33121
>> What's going on is that Dreamhost's mod_sec2 is blocking attempts to
>> download Bird's CSS file because the request, which looks similar to
>> https://rpg.hamsterrepublic.com/ohrrpgce/load.php?debug=false&lang=en&modules=user.styles&only=styles&skin=metrolook&user=TMC&version=00aljk2
>> has a 'version' arg which looks like a hex code. E.g. if the version code
>> were 0xaf5jk2 (0x followed by at least 3 hex characters) then it will be
>> blocked. I estimate that the chance of being blocked is roughly 1/330
>> assuming the first character is always 0 (but sometimes it's a 1). That's
>> rather high! So
>> This blocking is done by the Dreamhost server and there is apparently no
>> way to modify this rule (which I see described online as "very frequent
>> false positives") except to disable protection completely. I don't think we
>> should do that. Mediawiki only seems to add a 'version' arg for custom user
>> or site CSS and JS, and the version code only changes when the
>> corresponding page is edited. So we may see this problem again in future,
>> but the solution is just to touch the page.
>> _______________________________________________
>> Ohrrpgce mailing list
>> ohrrpgce at lists.motherhamster.org
>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
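
A way to confirm which request argument trips the rule quoted in the log above. This is an added example, not part of the original thread or of Dreamhost's configuration: it parses a denial entry and replays the logged pattern against the query arguments of a load.php URL. The function names, the sample log entry and the last two version strings are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Rule pattern as quoted in the error log, with the log's backslash escaping
# undone (\\\\A -> \A, \\\\d -> \d). Python's re stands in for ModSecurity's PCRE.
SQL_HEX_RULE = re.compile(r"(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+")

LOG_FIELD = re.compile(r'\[(id|msg|uri|hostname|file|line) "([^"]*)"\]')
LOG_TARGET = re.compile(r" at ([A-Z_]+(?::\w+)?)\.")

def parse_denial(entry):
    """Pull the rule metadata and the matched variable out of one denial entry."""
    fields = dict(LOG_FIELD.findall(entry))
    target = LOG_TARGET.search(entry)
    fields["target"] = target.group(1) if target else None
    return fields

def tripping_args(url, rule=SQL_HEX_RULE):
    """Return {argument: matched text} for each query argument the rule matches."""
    hits = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        match = rule.search(value)
        if match:
            hits[name] = match.group(0)
    return hits

# Constructed log entry modelled on the one quoted above (client address is a
# documentation placeholder; the pattern text is left out for brevity).
SAMPLE_ENTRY = (
    '[client 192.0.2.10] ModSecurity: Access denied with code 418 (phase 1). '
    'Pattern match "..." at ARGS:version. [line "329"] [id "1990091"] '
    '[msg "SQL Hex Encoding Identified"] [uri "/ohrrpgce/load.php"]'
)
BASE = ("https://rpg.hamsterrepublic.com/ohrrpgce/load.php?debug=false&lang=en"
        "&modules=user.styles&only=styles&skin=metrolook&user=TMC&version=")

if __name__ == "__main__":
    print(parse_denial(SAMPLE_ENTRY))
    # 00aljk2 and 0xaf5jk2 are the values from the mail; the rest are constructed.
    for version in ("00aljk2", "0xaf5jk2", "1a0xabc", "10xabcd"):
        print(version, tripping_args(BASE + version) or "passes")
```

The constructed value `10xabcd` passes because the `0x` is preceded by a digit, while `1a0xabc` is caught: the rule can match inside the string, not only at its start.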