I locked myself out of the site :)

Bonsai Nut

Nuttier than your average Nut
Messages
12,471
Reaction score
28,093
Location
Charlotte area, North Carolina
USDA Zone
8a
just chill.
Be grateful @Bonsai Nut is keeping this site up and running at all.

No, that's not it at all. I think it was just a misunderstanding. I think @Harunobu thought I didn't believe him, when the truth is that sometimes I can't replicate the error and have a hard time fixing that which I can't break.

However I think we are getting close. @Harunobu is triggering firewall hits, over and over, with content that he is trying to send via PM. I have asked him to send me the content of what he was trying to post. It is something in the content, specifically, that is triggering the error. The firewall thinks he is trying to send an SQL exploit... and it is something that has to do with the body of content that he is trying to send.

I don't think it is the length of the response, since I triggered it yesterday doing something with a response that was not very long.
 

leatherback

The Treedeemer
Messages
14,037
Reaction score
27,322
Location
Northern Germany
USDA Zone
7
Look for combinations of quotes, double quotes and semicolons. Depending on how the script sanitizes, it might refuse content, remove it or miss it. When I wrote a CMS in PHP I went for filtering out and clipping content to the field size. But not all software has that properly worked out.
 

Harunobu

Chumono
Messages
793
Reaction score
977
Location
Netherlands
USDA Zone
7b
It is not just the length. I have had the error on about 10 occasions. And always cutting it up in parts has solved the issue. I have always posted whatever I wanted to post. And it is not a specific word either. I tried to figure out what part of my message was triggering it. When I got close to a sentence, I even tried to rewrite it. I never was able to nail down exactly what part of my message was triggering the false positive.

Oh, and it is not quotes. Often it seemed that the part that was triggering it was plain text. No links, images or quotes.
 

Bonsai Nut

Nuttier than your average Nut
Messages
12,471
Reaction score
28,093
Location
Charlotte area, North Carolina
USDA Zone
8a
I've got it. I will have to disable one of the Firewall rules and then I will tell the site about it.

This one was tricky. Thanks to @Harunobu for helping! I had to get my IP blacklisted just to make sure I could repeat the error :)

error-message.jpg
 

Bonsai Nut

Nuttier than your average Nut
Messages
12,471
Reaction score
28,093
Location
Charlotte area, North Carolina
USDA Zone
8a
Ok... I can finally tell you about this problem/bug/issue.

The bug is caused by a bad firewall rule at the server level. Specifically, we were getting false positives for a "SQL Injection Attack" for anyone who, in their content, used the terms "select" and "from" in the same text field. For example if you sent someone the following PM, or tried to post:

"I recommend you select the best cultivars from Japan"

you would generate an error if you tried to post it... and if you continued to try to post it (five times) you would get blocked from the site for an hour. And it applied to any combination of letters that included "select" and "from". Selection, selective, selects - would all trigger the error, as would "frommage", which is a term that @sorce uses frequently :) The reason behind this rule is simple: "select from" is an SQL statement, and (without getting into more tech details) the server firewall was particularly sensitive to the use of those letters, in that combination.

However... our site does not allow active code to be executed from text fields. All text field content is rendered to BB code and never gets close to the database. So the firewall was flagging that text erroneously - because it was just innocuous text and not active code. Bad firewall rule writing. False positives. And the longer the post you would write, the more likely you would be to use the letters "select" and "from" in one field.

So... I have whitelisted the rule in our firewall rules, so you can go back to saying "select" and "from" in your posts. The rule in this case is maintained by a 3rd party (open source code) and I have notified them of the issues related with their shotgun approach to a rifle problem. The firewall remains... but this one rule has been sidelined for the time being :)
 
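The rule described in the final post is easy to reproduce, so here is an added example that is not part of the thread and not the site's firewall or the third-party rule set. The thread never shows the actual rule text, so the "naive" pattern below is an assumption reconstructed from the description (the letter sequence "select" followed anywhere by "from", no word boundaries). The "strict" pattern is our own tighter heuristic for comparison, not a drop-in replacement for a real WAF rule. The five-strikes / one-hour lockout comes from the thread; the ten-second retry spacing, the client label and all sample messages are constructed.

```python
"""Reproduce the false-positive 'select ... from' firewall rule described in
the thread, as an added example. This is not the site's firewall or the third
party rule set; the naive pattern is an assumption reconstructed from the
post's description, the stricter pattern is our own heuristic, and the sample
messages are constructed.
"""
import re
from collections import defaultdict

# Constructed sample submissions (not taken from the site). Second field:
# True = injection-shaped payload, False = innocuous prose.
SAMPLES = [
    ("I recommend you select the best cultivars from Japan", False),
    ("Selective pruning of shoots from the apex keeps the silhouette tight", False),
    ("Chose a selection of frommage from the market", False),
    ("Short post, no trigger words at all", False),
    ("x' UNION SELECT username, password FROM users --", True),
    ("1; SELECT * FROM members WHERE id = 1 --", True),
]

# Naive rule as the thread describes it: the letter sequence "select" followed
# anywhere later by "from", case-insensitive, with no word boundaries, so
# "selective ... from" and "selection ... frommage" both fire.
NAIVE_RULE = re.compile(r"select.*from", re.IGNORECASE | re.DOTALL)

# Stricter rule (assumption, not a drop-in replacement for a real WAF rule):
# whole-word SELECT <column list> FROM <table>, preceded on the same line by a
# token that only shows up when breaking out of a quoted value or stacking
# statements: a quote, a semicolon, a SQL comment opener or UNION.
STRICT_RULE = re.compile(
    r"(?:['\";]|--|/\*|\bunion\b)[^\n]*?"
    r"\bselect\b\s+(?:\*|\w+(?:\s*,\s*\w+)*)\s+\bfrom\b\s+\w+",
    re.IGNORECASE,
)

RULES = {
    "sqli_select_from_naive": NAIVE_RULE,
    "sqli_select_from_strict": STRICT_RULE,
}

BLOCK_AFTER = 5       # hits before the client is locked out (from the thread)
BLOCK_SECONDS = 3600  # lockout length, "an hour" in the thread


def false_positives(rule, samples=SAMPLES):
    """Innocuous messages that `rule` would reject."""
    return [text for text, is_attack in samples if not is_attack and rule.search(text)]


def false_negatives(rule, samples=SAMPLES):
    """Injection-shaped messages that `rule` lets through."""
    return [text for text, is_attack in samples if is_attack and not rule.search(text)]


def matched_rules(text, disabled=frozenset()):
    """Names of enabled rules that fire on `text`.

    Passing the naive rule's name in `disabled` mirrors sidelining that one
    rule while the rest of the firewall stays active.
    """
    return [name for name, rule in RULES.items()
            if name not in disabled and rule.search(text)]


class HitCounter:
    """Per-client rule-hit counter with the thread's five-strikes, one-hour lockout."""

    def __init__(self, clock):
        self.clock = clock               # callable returning the current time in seconds
        self.hits = defaultdict(int)
        self.blocked_until = {}

    def check(self, client, text, rule):
        """Return 'blocked', 'rejected' or 'accepted' for one submission."""
        now = self.clock()
        if self.blocked_until.get(client, 0) > now:
            return "blocked"
        if not rule.search(text):
            return "accepted"
        self.hits[client] += 1
        if self.hits[client] >= BLOCK_AFTER:
            self.blocked_until[client] = now + BLOCK_SECONDS
            self.hits[client] = 0
            return "blocked"
        return "rejected"


def simulate_retries(rule, text, attempts=6, client="user-a"):
    """Resubmit the same text `attempts` times, ten seconds apart (assumed),
    and return the verdict for each attempt."""
    clock = [0.0]
    counter = HitCounter(lambda: clock[0])
    verdicts = []
    for _ in range(attempts):
        verdicts.append(counter.check(client, text, rule))
        clock[0] += 10.0
    return verdicts


if __name__ == "__main__":
    for name, rule in RULES.items():
        print(f"{name}: false positives={false_positives(rule)}")
        print(f"{name}: false negatives={false_negatives(rule)}")
    print("retrying the innocuous PM under the naive rule:",
          simulate_retries(NAIVE_RULE, SAMPLES[0][0]))
    print("same PM with the naive rule sidelined:",
          matched_rules(SAMPLES[0][0], disabled={"sqli_select_from_naive"}))
```

Running it shows the behaviour the thread reports: the naive rule rejects all three prose messages and, after five retries of the cultivar PM, locks the client out for an hour, while sidelining that one rule name leaves the injection-shaped payloads still caught by the stricter pattern. The stricter pattern is still a heuristic (prose that quotes a SQL statement would trip it, and an attacker can often rephrase around any regex), which is why the real fix for stored text is parameterised queries and output encoding, with the WAF rule as a noisy second layer.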