
Forum: open-forum

RE: Neurotic security filter?
By: Vicente J. Ruiz Jurado on 2006-07-09 21:56
[forum:879]
I see more errors in The_Project:Copyrights.

If you use jabber you can contact me: vjrj AT ourproject.org and try to fix it.

BR,

Vicente

RE: Neurotic security filter?
By: Vicente J. Ruiz Jurado on 2006-07-09 21:21
[forum:878]
Ok, try now.

(See Recent Changes in your wiki)

BR,

Vicente

RE: Neurotic security filter?
By: Boxley Hume on 2006-07-09 20:26
[forum:877]
Thanks Vicente!

>For instance, with a new rule, now I
>can write in this forum "create from",
>or "delete from" or "select from",
>without problems.

But it's still not possible to write:

'create' a from b

(without the quotes)

Or a basic English phrase, such as:

'delete' the file from the server

Even if the restricted words occur a long way apart in the sentence, the firewall still blocks them.

I've collected a list of word pairs that seem to invoke the error. I've stored them all here:

http://coop.ourproject.org/tmp/blocked_phrases.txt

If we cannot combine these word pairs in the same sentence, it will become quite frustrating to write in English. Since SQL is actually designed to read like natural English, I can't see any effective way to filter SQL queries, without also blocking perfectly valid text.

Is it possible to disable this firewall filtering just for the files in our project wiki?

Best wishes,
boxley

RE: Neurotic security filter?
By: Vicente J. Ruiz Jurado on 2006-07-09 19:01
[forum:874]
Hi Boxley,

But modsecurity is a kind of web firewall, we can have "access rules", and "deny rules".

For instance, with a new rule, now I can write in this forum "create from", or "delete from" or "select from", without problems.

Then, if you have any other 500 error in any page, please provide us the URL, and we'll fix it.

By the way, thanks for your contribution in our FAQ, and all the feedback.

BR,

Vicente

RE: Neurotic security filter?
By: Boxley Hume on 2006-07-09 18:07
[forum:872]
Hi Vicente,

This error occurs for any URL in which you combine certain English words. For example:

http://coop.ourproject.org/anything.php?q=Create%20a%20from%20b

Also, if you include similar sentences in a POST request it will also cause a 500 error. For example, try posting any one of the sentences in the file http://coop.ourproject.org/tmp/prohibited_strings.txt into this forum.

The interim solution I used for the privacy policy page was to replace the word 'create' with 'create'. But this isn't a very practical solution for the rest of the wiki.

Thanks,
Boxley

RE: Neurotic security filter?
By: Vicente J. Ruiz Jurado on 2006-07-09 08:33
[forum:869]
Hi Boxley,

We use modsecurity to prevent SQL injection attacks.

I see an error trying to post in:
/wiki/action/submit/The_Project:Privacy_policy
that now must be fixed.

If you get more errors, please send us the URL where you get these errors.

BR,

Vicente

RE: Neurotic security filter?
By: Boxley Hume on 2006-07-09 06:15
[forum:868]
Oh dear, those XML entities didn't come out :) Here are the strings again:

http://coop.ourproject.org/tmp/prohibited_strings.txt

Neurotic security filter?
By: Boxley Hume on 2006-07-09 06:07
[forum:867]
Hi,

I've been having a really strange problem with English text on this server. Some sentences cause an internal server error. I have this problem on our project site, but also on this forum.

The following sentences all cause an internal server error. I've had to encode them as XML entities in order to be able to post them here:

"create wine from water"

"insert the disk from microsoft"

"drop the piece into place"

"drop the table off at my house before noon"

"replace the money that was stolen from the bank"

"Thoughts give birth to a creative force that is neither elemental nor sidereal. Thoughts create a new heaven, a new firmament, a new source of energy, from which new arts flow."

There must be a very extreme security filter running on the server to prevent all of these entries.

Without the ability to combine the simple words 'create', 'insert', and 'drop' with others like 'into', 'table', and 'from' in the same sentence, it becomes very awkward to write in English :)

Is it possible to disable this security measure for English-language projects?

Many thanks!
Boxley
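
The false positives reported in this thread, reproduced as an added example that is not part of the original posts and not the server's actual ModSecurity rule set. Both patterns are assumptions: `LOOSE` models a rule that fires when a statement verb and a clause keyword appear anywhere in the same input, `TIGHT` requires the keywords to be adjacent as SQL grammar places them; the SQL-shaped inputs are constructed.

```python
import re

# Assumed model of an over-broad rule (not the server's real configuration):
# a statement verb followed, anywhere later in the input, by a clause keyword.
LOOSE = re.compile(
    r"\b(create|insert|drop|delete|select|replace)\b.*\b(from|into|table)\b",
    re.IGNORECASE | re.DOTALL)

# Assumed tighter rule: keywords must be adjacent the way SQL grammar places
# them, then an identifier, then statement punctuation or a following clause.
TIGHT = re.compile(
    r"\b(?:create\s+table|drop\s+table|insert\s+into|replace\s+into|delete\s+from"
    r"|select\s+[\w*,\s]+?\s+from)\s+\w+\s*(?:[;(]|where\b|values\b|set\b)",
    re.IGNORECASE)

# Sentences quoted in the thread as triggering the 500 error.
PROSE = [
    "create wine from water",
    "insert the disk from microsoft",
    "drop the piece into place",
    "drop the table off at my house before noon",
    "replace the money that was stolen from the bank",
    "Thoughts give birth to a creative force that is neither elemental nor "
    "sidereal. Thoughts create a new heaven, a new firmament, a new source "
    "of energy, from which new arts flow.",
    "Create a from b",
    "delete the file from the server",
]

# Constructed SQL-shaped inputs, for comparison only.
SQL_SHAPED = [
    "select name from users where id = 1",
    "drop table users;",
    "insert into users values (1, 'a')",
]

def flagged(rule, inputs):
    """Return the inputs the given rule would block."""
    return [s for s in inputs if rule.search(s)]

def report():
    """False positives on prose and hits on SQL-shaped input, per rule."""
    return {name: {"prose_blocked": len(flagged(rule, PROSE)),
                   "sql_blocked": len(flagged(rule, SQL_SHAPED))}
            for name, rule in (("loose", LOOSE), ("tight", TIGHT))}

if __name__ == "__main__":
    for name, counts in report().items():
        print(name, counts)
```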