Discussion
Try changing the wording of your post.
For some strange reason, I got the 403 error when replying to a thread in the Business section, went back, changed the wording and it worked, edited the post and changed the wording again and it worked again. Edited and changed it to the original wording, still wouldn't post.
jammy-git said:
Try changing the wording of your post.
For some strange reason, I got the 403 error when replying to a thread in the Business section, went back, changed the wording and it worked, edited the post and changed the wording again and it worked again. Edited and changed it to the original wording, still wouldn't post.
I did try posting something different, computer still said no!!
Hey folks! Thanks for bearing with us on this one -
As some of you have guessed this boiled down to some new security measures we've put in place.. unfortunately the standard/default ruleset we were using was interpreting some text as dangerous and erroneously blocking the request.
An example of this was 300bhp/ton's (very helpful!) repro text of "find online" which was flagging a block rule to stop XSS (e.g. assumed onerror, onclick).
The reason this took some time to sort out was that this firewall is an external product, so we needed to first introduce clearer logging (to understand the scope of the problem), and then research the marketplace for an appropriate replacement, and finally ensure the new product still fit our security requirements whilst not catching false positives such as this.
Anyway.. things should hopefully be looking better for you all now!
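The false positive described in the post above, as an added example that is not part of the thread and not the firewall product's own rules: three hypothetical event-handler rules of increasing context-awareness, run over constructed forum posts and constructed markup samples to count benign posts blocked and handler samples missed.

```python
import re

# Hypothetical rules written for this example; the thread does not show the
# firewall vendor's actual ruleset.
RULES = {
    # Any word beginning with "on" (onerror, onclick ... and also "online").
    "naive_prefix": re.compile(r"\bon[a-z]+", re.I),
    # "on<word>" followed by "=": closer to an attribute, still context-free.
    "assignment": re.compile(r"\bon[a-z]+\s*=", re.I),
    # "on<word>=" only when it appears inside an HTML tag.
    "tag_context": re.compile(r"<[^>]*\son[a-z]+\s*=", re.I),
}

# Constructed sample posts (the first contains the repro phrase quoted above).
BENIGN = [
    "Where can I find online parts for this?",
    "Only one owner from new, price online = 4500 ono",
    "Try http://files.myownwebsite.com/shared/ for the NAS share",
]
# Constructed markup using the two handlers named in the staff post.
MARKUP = [
    '<img src="x.png" onerror="handler()">',
    "<a href='#' onclick='handler()'>link</a>",
]

def evaluate(rule):
    """Return (false_positives, misses) for one compiled rule."""
    false_positives = [p for p in BENIGN if rule.search(p)]
    misses = [m for m in MARKUP if not rule.search(m)]
    return false_positives, misses

def report():
    """Map rule name -> (benign posts blocked, handler samples missed)."""
    return {name: tuple(len(x) for x in evaluate(rule))
            for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, (fp, miss) in report().items():
        print(f"{name:12} blocks {fp}/{len(BENIGN)} benign posts, "
              f"misses {miss}/{len(MARKUP)} handler samples")
```

Running a candidate ruleset against a corpus of real, previously accepted posts in this way is the kind of check that surfaces such blocks before users hit a 403.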
Just had the 403 when trying to create a new topic in the "Computers, Gadgets and Stuff" area. As my post is about websites, it includes a couple of example (non-existent) URLs.
ETA: taking out all of the URLs allowed me to post. A bit of a shame, as the whole point was to ask questions about domain names, sub-domains and DDNS.
Edited by Escapegoat on Thursday 9th April 09:44
Hey Escapegoat - that is a little frustrating! I wonder what format the URLs are in (query strings, encoded characters) that may trigger the rules blocking it?
For instance - no issue with:
https://www.pistonheads.com/
https://www.pistonheads.com/classifieds/used-cars
https://www.pistonheads.com/classifieds?Category=u...
https://www.pistonheads.com/classifieds?Category=u...
The URLs in my posting were hypothetical examples - related to setting up a NAS at home for sharing files over the Internet. So the URLs were along the lines of http://files.myownwebsite.com/shared/2029report.pd...
(will try to post this as-is)
ETA: yes, that worked just fine, as you can see.
Getting the 403 trying to reply to this thread - https://www.pistonheads.com/gassing/topic.asp?h=0&...
This is the content I'm trying to post.
Hi rscott - thanks for letting us know - I've had a quick look, and can see that the text causing this is -
- which the firewall is interpreting as attempted SQL injection - https://www.w3schools.com/sql/func_sqlserver_cast....
Unfortunately we are not able to override this, and so this then falls into the small number of edge cases which can trigger these blocking rules.
To make the user experience better we are planning to improve the 403 error page seen to better instruct users what may be causing this when it occasionally pops up.
Cheers!
Here seems as good as any time to bring it up.... does PH have any plans to update the software the site runs?
Improve the user interface, particularly on mobiles and relating to the uploading of images, text formatting etc and likely fixing this issue once and for all.
Appears mad that the forum does not handle entries in a way which would remove the ability to type what you like without risking compromise or a blocking filter.
Daniel