[Ohrrpgce] Dreamhost has a small chance to block wiki CSS and JS

Ralph Versteegen teeemcee at gmail.com
Sun Sep 29 00:32:46 PDT 2019


This is an unimportant issue which doesn't require any action; I'm just
documenting it here.

Bird was complaining that the wiki wasn't working properly, not using his
CSS or allowing him to access it. I had a look at the server error log and
found the problem, messages like:

[Sat Sep 28 03:35:42.980592 2019] [:error] [pid 16557] [client 84.58.92.235:43630] [client 84.58.92.235] ModSecurity: Access denied with code 418 (phase 1). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:version. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "329"] [id "1990091"] [msg "SQL Hex Encoding Identified"] [hostname "rpg.hamsterrepublic.com"] [uri "/ohrrpgce/load.php"] [unique_id "XY83fv7zUpTIIXoI32ZlKQAAAAY"], referer: http://rpg.hamsterrepublic.com/ohrrpgce/index.php?title=User:TMC/vector.css&curid=8025&diff=33162&oldid=33121

What's going on is that Dreamhost's mod_sec2 is blocking attempts to
download Bird's CSS file because the request, which looks similar to
https://rpg.hamsterrepublic.com/ohrrpgce/load.php?debug=false&lang=en&modules=user.styles&only=styles&skin=metrolook&user=TMC&version=00aljk2
has a 'version' arg which looks like a hex code. E.g. if the version code
were 0xaf5jk2 (0x followed by at least 3 hex characters) then it would be
blocked. I estimate that the chance of being blocked is roughly 1/330
assuming the first character is always 0 (but sometimes it's a 1). That's
rather high!

This blocking is done by the Dreamhost server and there is apparently no
way to modify this rule (which I see described online as "very frequent
false positives") except to disable protection completely. I don't think we
should do that. MediaWiki only seems to add a 'version' arg for custom user
or site CSS and JS, and the version code only changes when the
corresponding page is edited. So we may see this problem again in future,
but the solution is just to touch the page.
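Added example (not part of the original message, and not OHRRPGCE, MediaWiki or Dreamhost code): the rule's regex, copied from the error log above with the log's backslash escaping undone, replayed in Python against candidate version strings, plus an exact count of how many version strings would trip it. It assumes a ResourceLoader version string is 7 lowercase base36 characters with the first one fixed to '0', as in the example URL; the message does not state the hash format, so the alphabet, the length and all function names here are assumptions, not MediaWiki's definition.

```python
"""Replay Dreamhost's ModSecurity rule 1990091 ("SQL Hex Encoding Identified")
against MediaWiki load.php 'version' values.

Added example: not part of the original mail and not OHRRPGCE, MediaWiki or
Dreamhost code.  The regex is the one quoted in the error log (with the log's
backslash escaping undone).  ASSUMPTION: a ResourceLoader version string is
7 lowercase base36 characters whose first character is '0', as in the example
URL; the mail does not state the hash format.
"""
import itertools
import re
import string
from fractions import Fraction
from functools import lru_cache
from typing import Optional

# Case-insensitive "0x" followed by three or more hex digits, where the "0" is
# either at the start of the argument value or preceded by a non-digit.
HEX_RULE = re.compile(r"(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+")

BASE36 = string.digits + string.ascii_lowercase   # assumed version alphabet
HEX = frozenset(string.hexdigits.lower())


def is_blocked(version: str) -> bool:
    """True if rule 1990091 would deny a request whose version arg is `version`."""
    return HEX_RULE.search(version) is not None


def count_blocked(length: int, first: Optional[str] = "0", alphabet: str = BASE36) -> int:
    """Exact number of `length`-character strings over `alphabet` (first
    character fixed to `first`, or free if None) that trigger the rule.

    Scans left to right tracking every partial match at once, like an NFA:
    "0" = eligible start seen, "0x", "0x1"/"0x2" = one/two hex digits after it.
    A third hex digit completes the match; the remaining characters are free.
    """

    def step(threads, ch, prev_digit, at_start):
        """Advance all partial matches over `ch`; return (matched, new threads)."""
        ch = ch.lower()
        nxt = set()
        for t in threads:
            if t == "0" and ch == "x":
                nxt.add("0x")
            elif t == "0x" and ch in HEX:
                nxt.add("0x1")
            elif t == "0x1" and ch in HEX:
                nxt.add("0x2")
            elif t == "0x2" and ch in HEX:
                return True, frozenset()
        if ch == "0" and (at_start or not prev_digit):
            nxt.add("0")            # this "0" may begin a new match
        return False, frozenset(nxt)

    @lru_cache(maxsize=None)
    def count(pos, threads, prev_digit):
        if pos == length:
            return 0                # reached the end without a match
        choices = [first] if (pos == 0 and first is not None) else alphabet
        total = 0
        for ch in choices:
            matched, nxt = step(threads, ch, prev_digit, pos == 0)
            if matched:
                total += len(alphabet) ** (length - pos - 1)
            else:
                total += count(pos + 1, nxt, ch.isdigit())
        return total

    return count(0, frozenset(), False)


def block_probability(length: int = 7, first: Optional[str] = "0",
                      alphabet: str = BASE36) -> Fraction:
    """Fraction of uniformly random version strings that the rule blocks."""
    free = length - (0 if first is None else 1)
    return Fraction(count_blocked(length, first, alphabet), len(alphabet) ** free)


def brute_force_count(length: int, first: Optional[str] = "0", alphabet: str = BASE36) -> int:
    """Slow cross-check of count_blocked: run the real regex over every string.
    Only sensible for small lengths (36**4 candidates at length 5)."""
    heads = [first] if first is not None else list(alphabet)
    return sum(
        is_blocked(head + "".join(tail))
        for head in heads
        for tail in itertools.product(alphabet, repeat=length - 1)
    )


if __name__ == "__main__":
    for v in ("00aljk2", "0xaf5jk2", "1a0xbcd", "00xabcd"):
        print(f"{v:9} blocked={is_blocked(v)}")
    p = block_probability()
    print(f"P(blocked), 7-char base36 version starting with '0': {p} ~ 1/{round(1 / p)}")
```

After touching a page, the version= value from the new load.php URL can be fed to is_blocked() to confirm the fresh hash does not hit the rule. The NFA walk in count_blocked also catches the "0x" appearing later in the string after a non-digit (e.g. 1a0xbcd), not only at the start, which a first-two-characters-only estimate would miss.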