CD 403 error when replying

Similar to CD 502 Error While Replying, except 403? We’ll see if it lets me post here.

Hm, I can reply here. I can’t reply to Ntcore import issues for some reason.

Edit: still cannot reply to that post

403 is “Unauthorized”, probably using a token or a session to check if you are allowed to post. But like the other actions (liking) causing 502 errors, the server is still dealing with that backlog and is missing some actions. I’m not sure how much longer it will be like this though.

It’s hit and miss when the server is “too busy” to actually finish the auth check or update the data in the database with your new actions.

Brandon will post in this thread when the issues are resolved:

2 Likes

It may not necessarily be related to that.

Is it just that topic giving you the error @virtuald ?

@virtuald said (I am replying for him) that he can’t reply to anything at the moment

1 Like

Maybe I can now?

1 Like

Hm, I can respond to this, and a different post, but still not that post I mentioned originally. I’ve tried clearing my cache and logging in/out.

Ok, every time that I try to post a particular set of text, it fails with the 403 error. I have emailed it to webmaster.

Well, Cloudflare is rejecting certain commands according to Brandon:

That is the Cloudflare WAF I mentioned, it’s blocking due to "Command Injection - Common Attack Commands"

Going to try some of them. How about cat /etc/os-release? Ok, pip3 list? Hm, python3 -m pip list?

So the command that it doesn’t like is uname followed by an -a. That’s stupid, how is uname part of an attack?

sudo rm -rf --no-preserve-root /* && sudo reboot now

Good thing it doesn’t filter this perfectly harmless command

4 Likes

Ideally, it would be nice if Discourse could have some Cloudflare integration that notices the 403 error and tells you “hey this got blocked because of the thing that you posted”.

A Google search brought up this thread “Using Discourse with Cloudflare: Best Practices”, and it mentions that WAF should be disabled for posts:

WAF Settings depend upon Cloudflare plan type and security needs. If your Cloudflare account supports Managed Rules, configure a Managed Rule to Skip WAF on post creation / edits. Do this by adding a Managed Rule matching on URI Path and Request method. The Rule should appear as follows: (http.request.uri.path matches "/posts(/[0-9]+)?" and http.request.method in {"POST" "PUT"}). Choose the option to Skip all remaining rules and enable Log matching requests.
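An added example, not part of the thread or the quoted guide: a small Python audit of which requests the quoted skip rule would exempt from the WAF. It assumes the `matches` operator behaves as an unanchored regex search (modelled here with `re.search`); the anchored pattern and all sample requests are constructed for illustration.

```python
import re

# Pattern and methods copied from the rule quoted above.
RULE_PATTERN = r"/posts(/[0-9]+)?"
RULE_METHODS = {"POST", "PUT"}

# Anchored variant: an assumption added here, not from the quoted guide.
# It would need adjusting if the site also posts to other endpoints.
ANCHORED_PATTERN = r"^/posts(/[0-9]+)?$"


def skips_waf(method, path, pattern=RULE_PATTERN):
    """Return True if the request would match the skip rule.

    Assumes `matches` is an unanchored search, so re.search is used.
    """
    return method in RULE_METHODS and re.search(pattern, path) is not None


# Constructed sample requests (method, path); not taken from real traffic.
SAMPLES = [
    ("POST", "/posts"),                    # creating a post
    ("PUT", "/posts/12345"),               # editing a post
    ("GET", "/posts/12345"),               # reading: method not in the rule
    ("POST", "/session"),                  # login: path does not match
    ("PUT", "/t/some-topic/posts-extra"),  # hypothetical path containing "/posts"
]


def audit(samples=SAMPLES):
    """Map each sample to (skips with quoted rule, skips with anchored rule)."""
    return {
        (m, p): (skips_waf(m, p), skips_waf(m, p, ANCHORED_PATTERN))
        for m, p in samples
    }


if __name__ == "__main__":
    for (m, p), (quoted, anchored) in audit().items():
        print(f"{m:4} {p:28} quoted={quoted!s:5} anchored={anchored}")
```

Under that assumption, the last sample skips the WAF with the quoted pattern but not with the anchored one, which is why enabling Log matching requests and reviewing what the rule actually exempts is worth doing.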