New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Amusing "Censorship" by LET? xD
Mitchfizz05
Member
in General
Well, sort of censorship. Although it seems to be enforced by Cloudflare.
I'm not sure if I'm the only one having this problem, but I can't post...
Literally. Not in replies or topics. I get this when trying to embed it in my topic:
Or this when trying to embed it in my post:
Comments
It's cloudflares WAF (Web Application Firewall).
I'm assuming it's on strict
I can post /var/www/ without any problems...
damn
Yep same here, typing that string and clicking "Preview" gets me the same blocking windows.
there are loads of things that do the same, its very sensitive about forward slashes, e.g. /proc/cpuinfo and hit preview.
@Mitchfizz05 browser addons ? Virus? Shared IP?
This one doesn't cause the problem for me.
A simple Australian iiNet residential IP. No VPNs or anything involved.
Virus, I hope not - it doesn't appear to be a client side problem though.
Cloudflare give same error on different forums that use CloudFlare.
odd.
Same here can't post / var / www /
/var/ww
Can't post www cloudflare error..
$ echo "Hello world" >> /var/www/index.html
It's a Cloudflare response not client side, although it depends what you put. It doesn't like Linux file directories (at least the default ones) such as the hosts file file path.
/ var / www /
For me it does not work in either preview or post.
On a forum where there are particularly good reasons for posting something like that, I think it would be a good idea to fix it. /opinion
I wouldn't hold my breath. It's been a problem for months, and reported before.
Well if I'm not going to hold my breath, I might as well add a request for implementing proper html markup. The Register does that in their (very large international) forum, and the reason they decided to do that (they said) is that it is a tech forum, and users can be expected to be familiar with the web. Surely it is the same here.
Have you contacted Cloudflare about it? Let them about the false positive.
Over Twitter, yes.
I'm afraid that's not enough. Contact them directly, give them soem more details, like the website you are visiting and they Ray ID (which I believe is a unique number identifying the session). Give them something to work on.
CloudFlares solution to bad developers & software is blocking all common fuzz strings and characters that could be used maliciously.
I guess the only solution is to get LET to turn down the filter, or just make sure that vanilla is actually sanitizing.
I tried load LET from Tor and got blocked several times.They know Tor IPs and block access.
It sounds like there is some real bad code on LET if they need to compromise to that extent.
rm -rf /*
mysql -u root -e 'drop database *'
^^ Cloudflare doesn't block either on mobile or PC.
Pft - why would anyone use Vanilla if it didn't sanitize things?
EDIT: Using the Chrome Compression Proxy also shows an error.
Got this for a few random things in the past, silly error...
Seems fine to me as well.
I just logged in with tor from another computer with a different IP. It asked me for a captcha and that was all. So, it actually looks like it works just fine - at least for me.
All LET code is public and open source, with the exception of one simple module (the one that auto-sinks offers), so feel free to have a peek yourself :-)
Vanilla is sanitizing. I'm not sure why the WAF is set to a setting this strict, but I'll send an e-mail to CC to ask about it.
Agreed.
It's a CloudFlare thing, though, and while this particular setting may be annoying, I'm not aware of the benefits we may get from this WAF level and how that weighs up against the downside.