Post a message with a leading slash

[cookdav]

Hmmm...this problem is 'messy'. I've got a reply (that I've saved), and no matter what I try,
I can't see to find any way to NOT get this 'method not implemented' error when I try
to view/post it.

Maybe I'm misunderstanding the 'rules'?

My prospective post has some normal forward-slashed directory and file references, in 2 or 3
places. So, I need the tags around the just the first slash, in each occurrence? And, even
when that occurrence is already within 'quoted-string' tags?

[I'm about ready to just give up, and not make the post.]

Is this 'problem' something that is or will-be worked on and fixed? Or, do we all need to now
learn this new method of posting and replying?

[Adrian]

The problem was solved as far as I know, look /etc/apt/sources.list You might have found another security "feature", maybe you have wget in the code?
Try to post (preview) part of what you post and detect where the problem is.

[richb]

Yes, the slash issue was corrected for this forum and the wiki, and you are able to post normally. If it is a wget we still have that problem. If you put the bold tags around the w only it should post.
wget

Code: Select all

[b]w[/b]get

[GoManutd]

wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

[richb]

wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

Thank you for the excellent clarification.

[cookdav]

wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

Thank you for the excellent clarification.

Not sure I follow why that it's a 'security check'. Did we have such limitation/issue in the other forums? Seems to me,
it's a bug or unnecessary side-effect from sloppy coding somewhere in this new 'phpBB' system!?

No, there's no 'wget' in my prospective failing post.

[That said, once I solve this, the issue should go away (for me, at least). So, I will keep working at figuring
out where the problem is.]

[richb]

wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

Thank you for the excellent clarification.

Not sure I follow why that it's a 'security check'. Did we have such limitation/issue in the other forums? Seems to me,
it's a bug or unnecessary side-effect from sloppy coding somewhere in this new 'phpBB' system!?

No, there's no 'wget' in my prospective failing post.

[That said, once I solve this, the issue should go away (for me, at least). So, I will keep working at figuring
out where the problem is.]

It is not the phpBB software, nor is it any coding sloppiness. It is the server we are on that has the security feature deliberately put in place. It is a different server than ML was on, and it is a shared server. The security features have been implemented by the person we share with. GoManutd has helped with the server questions and can give a far better explanation than I can.

If you like you can send me the post on my private email. If you PM me I will give you my email address.

[GoManutd]

it's an awesome piece of software called modsecurity. it's essentially a web application firewall - instead of sniffing packets it looks at payloads.

what it helps prevent are things like sql injection attacks, well known attacks, as well as providing a level of protection against unknown/undocumented attacks.

so things like sending a payload to an app that the sql server would execute and, say, turn around and send back /etc/passwd

it really is a required piece of software for any web server, as web applications become increasingly complex and interact with other web services that may, or may not be under the same "roof".

[cookdav]

Oops...yes, there IS a w-get, which was the cause of my grief.

[Putting tags around the w wasn't quite the total answer, because then those tags don't dissappear
when you view it, if the w-get is within a larger 'code' tagged sequence, so I had to eliminate the code tags.]

[richb]

Oops...yes, there IS a w-get, which was the cause of my grief.

[Putting tags around the w wasn't quite the right answer, because then those tags don't dissappear
when you view it, if the w-get is within a larger 'code' tagged sequence, so I had to eliminate the code tags.]

Correct. In a regular posting they will make the w appear bold, In code they show as the tags. Which is as expected since code is exactly that, and will show any code tags. Sorry that was a bit redundant, but I could not find another way to express it.