[Ohrrpgce] Dreamhost has a small chance to block wiki CSS and JS
Ralph Versteegen
teeemcee at gmail.com
Sun Sep 29 00:34:15 PDT 2019
On Sun, 29 Sep 2019 at 20:32, Ralph Versteegen <teeemcee at gmail.com> wrote:
> This is an unimportant issue which doesn't require any action, I'm just
> documenting it here
>
> Bird was complaining that the wiki wasn't working problem, not using his
> CSS or allowing him to access it. I had a look at the server error log and
> found the problem, messages like:
>
*working properly
>
> [Sat Sep 28 03:35:42.980592 2019] [:error] [pid 16557] [client
> 84.58.92.235:43630] [client 84.58.92.235] ModSecurity: Access denied with
> code 418 (phase 1). Pattern match
> "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:version.
> [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line
> "329"] [id "1990091"] [msg "SQL Hex Encoding Identified"] [hostname "
> rpg.hamsterrepublic.com"] [uri "/ohrrpgce/load.php"] [unique_id
> "XY83fv7zUpTIIXoI32ZlKQAAAAY"], referer:
> http://rpg.hamsterrepublic.com/ohrrpgce/index.php?title=User:TMC/vector.css&curid=8025&diff=33162&oldid=33121
>
> What's going on is that Dreamhost's mod_sec2 is blocking attempts to
> download Bird's CSS file because the request, which looks similar to
>
> https://rpg.hamsterrepublic.com/ohrrpgce/load.php?debug=false&lang=en&modules=user.styles&only=styles&skin=metrolook&user=TMC&version=00aljk2
> has a 'version' arg which looks like a hex code. E.g. if the version code
> were 0xaf5jk2 (0x followed by at least 3 hex characters) then it will be
> blocked. I estimate that the chance of being blocked is roughly 1/330
> assuming the first character is always 0 (but sometimes it's a 1). That's
> rather high! So
> This blocking is done by the Dreamhost server and there is apparently no
> way to modify this rule (which I see described online as "very frequent
> false positives") except to disable protection completely. I don't think we
> should do that. Mediawiki only seems to add a 'version' arg for custom user
> or site CSS and JS, and the version code only changes when the
> corresponding page is edited. So we may see this problem again in future,
> but the solution is just to touch the page.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.motherhamster.org/pipermail/ohrrpgce-motherhamster.org/attachments/20190929/b0ec60a4/attachment.html>
More information about the Ohrrpgce
mailing list