+ Reply to Thread
Results 1 to 1 of 1

Thread: Overactive WAF on these forums preventing detailed bug reporting

  1. #1
    Ascendant forbiddenlake's Avatar
    Join Date
    Jun 2013
    Posts
    5,763

    Default Overactive WAF on these forums preventing detailed bug reporting

    Problem: Sometimes when posting, especially technical details or numbers, I get:
    Code:
    "The requested URL was rejected. Please consult with your administrator.
    
    Your support ID is: 259122077161048583"
    Where the support ID changes. The ID looks like an F5/Akamai error code you or your rep could look up for more details.
    In this case, it's because I was trying to post a forward slash ("/") before the string "link" (I can't post the exact string for obvious reasons). Try to post / followed by link - you will be rejected.

    I ran in to this first a few weeks ago when I was trying to re-post the contents of the Trion downtime RSS feed to illustrate a time zone problem. Someone ran in to it yesterday trying to comment on the ability changes, and was just posting percents separated by slashes. When we can't be exact, it reduces the quality of our posts.

    It's also an opaque error message causing confusion to posters and making more work. I have to bisect my posts to find the exact sequence of characters causing the rejections, then work around them.

    This feels to me like an overactive web application firewall.

    Expected results: We should be able to post technical details on these forums without effort, the WAF shouldn't reject mere text, and the forum software should not be exploitable (ha?).
    Last edited by forbiddenlake; 04-29-2018 at 06:23 AM.

+ Reply to Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts