Similar to CD 502 Error While Replying, except 403? We’ll see if it lets me post here.
Hm, I can reply here. I can’t reply to Ntcore import issues for some reason.
Edit: still cannot reply to that post
403 is “Unauthorized” probably using a token or a session to check if you are allowed to post. But like the other actions (liking) causing 502 errors the server is still dealing with that backlog and is missing some actions. I’m not sure how much longer it will be like this though.
It’s hit and miss when the server is “too busy” to actually finish the auth check or update the data in the database with your new actions
Brandon will post in this thread when the issues are resolved:
It may not necessarily be related to that.
Is it just that topic giving you the error @virtuald ?
@virtuald said (I am replying for him) that he can’t reply to anything at the moment
Maybe I can now?
Hm, I can respond to this, and a different post, but still not that post I mentioned originally. I’ve tried clearing my cache and logging in/out.
Ok, every time that I try to post a particular set of text, it fails with the 403 error. I have emailed it to webmaster.
Well, Cloudflare is rejecting certain commands according to Brandon:
That is the Cloudflare WAF I mentioned, it’s blocking due to "Command Injection - Common Attack Commands".
Going to try some of them. How about `cat /etc/os-release`? Ok, `pip3 list`? Hm, `python3 -m pip list`?
So the command that it doesn’t like is `uname` followed by an `-a`. That’s stupid, how is `uname` part of an attack?
sudo rm -rf --no-preserve-root /* && sudo reboot now
Good thing it doesn’t filter this perfectly harmless command
Ideally, it would be nice if Discourse could have some Cloudflare integration that notices the 403 error and tells you “hey this got blocked because of the thing that you posted”.
A google search brought up this thread “Using Discourse with Cloudflare: Best Practices”, and it mentions that WAF should be disabled for posts:
WAF Settings depend upon Cloudflare plan type and security needs. If your Cloudflare account supports Managed Rules, configure a Managed Rule to Skip WAF on post creation / edits. Do this by adding a Managed Rule matching on URI Path and Request method. The Rule should appear as follows: `(http.request.uri.path matches "/posts(/[0-9]+)?" and http.request.method in {"POST" "PUT"})`. Choose the option to Skip all remaining rules and enable Log matching requests.
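To check which requests the skip rule quoted above would exempt from the WAF before deploying it, this added example (not from the thread or the quoted guide) models the expression in Python over constructed requests. It assumes Cloudflare's `matches` operator behaves as an unanchored regex search; `ANCHORED_PATH` is a hypothetical tightened variant shown only for comparison.

```python
import re

# Path pattern exactly as it appears in the rule quoted above.
RULE_PATH = r"/posts(/[0-9]+)?"
# Hypothetical anchored variant (an assumption, not from the thread).
ANCHORED_PATH = r"^/posts(/[0-9]+)?$"
# Methods listed in the rule.
RULE_METHODS = {"POST", "PUT"}


def skips_waf(method, path, pattern=RULE_PATH):
    """Return True if a request would hit the skip rule.

    Assumption: `matches` is modelled as re.search, i.e. the pattern
    may match anywhere in the path unless it is anchored.
    """
    return method in RULE_METHODS and re.search(pattern, path) is not None


# Constructed sample requests (method, path); not taken from real traffic.
SAMPLES = [
    ("POST", "/posts"),                    # creating a post
    ("PUT", "/posts/12345"),               # editing a post
    ("GET", "/posts/12345"),               # reading: method not in the rule
    ("POST", "/session"),                  # unrelated endpoint
    ("POST", "/posts.json"),               # same prefix, different suffix
    ("PUT", "/prefix/posts/12345/extra"),  # pattern found mid-path
]


def audit(samples, pattern=RULE_PATH):
    """List the sample requests that would bypass the remaining WAF rules."""
    return [(m, p) for m, p in samples if skips_waf(m, p, pattern)]


if __name__ == "__main__":
    for label, pattern in (("as written", RULE_PATH), ("anchored", ANCHORED_PATH)):
        print(f"Rule {label}: {pattern}")
        for method, path in audit(SAMPLES, pattern):
            print(f"  WAF skipped for {method} {path}")
```

With "Log matching requests" enabled as the guide recommends, the same comparison can be made against the logged paths to confirm the rule only exempts the requests you intended.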