| 10 Oct 2023 |
 nixos-wiki-rcbot | [[Nixpkgs/Contributing]] https://nixos.wiki/wiki/index.php?diff=10383&oldid=10382 * Artturin * (-125) xlibsWrapper doesn't exist anymore | 04:12:04 |
| nixos-wiki-rcbot | [[Nixpkgs/Contributing]] https://nixos.wiki/wiki/index.php?diff=10384&oldid=10383 * Artturin * (-1999) Link to nixpkgs and remove things mentioned in CONTRIBUTING.md | 04:17:06 |
| nixos-wiki-rcbot | [[Nixpkgs/Contributing]] https://nixos.wiki/wiki/index.php?diff=10385&oldid=10384 * Artturin * (+93) better updating master | 04:21:06 |
|  Nia joined the room. | 08:54:47 |
| nixos-wiki-rcbot | [[Wayland]] https://nixos.wiki/wiki/index.php?diff=10387&oldid=10386 * Niahex * (+2) /* Compositors */ | 09:33:55 |
| nixos-wiki-rcbot | [[Wayland]] https://nixos.wiki/wiki/index.php?diff=10386&oldid=10092 * Niahex * (+54) /* Compositors */ | 09:33:55 |
| nixos-wiki-rcbot | [[Wayland]] https://nixos.wiki/wiki/index.php?diff=10388&oldid=10387 * Niahex * (+4) /* Applications */ | 09:34:56 |
 fadenb | Wiki will go down a few times in the next hours to mitigate CVE-2023-44487 that will be published in a few hours | 09:49:55 |
| fadenb | In reply to @chanceharrison:matrix.org
Thanks for the response. Indeed, I didn't think I was affected by the country-wide block. But I still can't contribute to the wiki because any time I try to submit or preview changes that particular action is blocked. We found the log entry for your blocked request shown in the screenshot... | 10:00:57 |
| fadenb | 
Download image.png | 10:01:11 |
| fadenb | While we, technically, could disable the cloudflare managed rules this would not be viable as those are what is blocking most of the malicious traffic | 10:01:38 |
| fadenb | The file inclusion might provide a hint, can you share what specifically you are trying to edit? We can bring this to CF support | 10:02:09 |
 @chanceharrison:matrix.org | thanks for looking into this!
appreciate the redaction on the IP, I can live with the ISP ASN 😉
The file inclusion might provide a hint
From the query string (and from memory), I was editing the Binary Cache page. Just trying to preview that page as-is causes the block. Maybe you can reproduce?
Instead of disabling all the rules, is it possible to just disable that particular rule?
| 10:04:22 |
| @chanceharrison:matrix.org | * thanks for looking into this!
appreciate the redaction on the IP, I can live with the ISP ASN 😉
The file inclusion might provide a hint
From the query string (and from memory), I was editing the Binary Cache page. Just trying to preview that page as-is causes the block. Maybe you can reproduce?
Instead of disabling all the rules, is it possible to just disable that particular rule?
| 10:04:30 |
| fadenb | I'll check later, currently we all have our hands full to mitigate the CVE mentioned above | 10:05:58 |
| fadenb | on that topic, expect downtime in a few moments | 10:06:17 |
| @chanceharrison:matrix.org | In reply to @chanceharrison:matrix.org
I would personally suggest that we look into whether certain wiki accounts (i.e., those that are manually approved?) could be exempted (or at least handled more leniently) from the blocking Referring to one of my original messages:
Now knowing it was indeed Cloudflare WAF, I was able to find this doc that describes adding how we can add exceptions to the blocks.
https://developers.cloudflare.com/waf/managed-rules/waf-exceptions/define-dashboard/
Based on that doc, it seems that you could create an exception that ignores rule 1bc977d1 for the Binary Cache page only. That seems as specific as one can be. | 10:09:34 |
| @chanceharrison:matrix.org | In reply to @chanceharrison:matrix.org
I would personally suggest that we look into whether certain wiki accounts (i.e., those that are manually approved?) could be exempted (or at least handled more leniently) from the blocking * Referring to one of my original messages:
Now knowing it was indeed Cloudflare WAF, I was able to find this doc that describes how we can add exceptions to the blocks.
https://developers.cloudflare.com/waf/managed-rules/waf-exceptions/define-dashboard/
Based on that doc, it seems that you could create an exception that ignores rule 1bc977d1 for the Binary Cache page only. That seems as specific as one can be. | 10:09:45 |
| @chanceharrison:matrix.org | * Referring to one of my original messages:
Now knowing it was indeed Cloudflare WAF, I was able to find this doc that describes how we can add exceptions.
https://developers.cloudflare.com/waf/managed-rules/waf-exceptions/define-dashboard/
Based on that doc, it seems that you could create an exception that ignores rule 1bc977d1 for the Binary Cache page only. That seems as specific as one can be. | 10:09:52 |
| @chanceharrison:matrix.org | * Referring to one of my original messages [Edit: I replied to the wrong one, but the one I replied to would still be nice if possible...]:
Now knowing it was indeed Cloudflare WAF, I was able to find this doc that describes how we can add exceptions.
https://developers.cloudflare.com/waf/managed-rules/waf-exceptions/define-dashboard/
Based on that doc, it seems that you could create an exception that ignores rule 1bc977d1 for the Binary Cache page only. That seems as specific as one can be. | 10:10:54 |
| fadenb | Wiki is back, mitigation is NOT complete | 10:29:37 |
| fadenb | Mitigation requires more complex changes than I am willing to do while not being able to focus on it during work hours.
Will have to wait. | 10:30:58 |
| fadenb | ChanceHarrison: seems like the existing content on the page triggers that specific rule. So even a non-change results in the block.
As said before, will look into that later | 10:34:32 |
| @chanceharrison:matrix.org | In reply to @fadenb:utzutzutz.net
ChanceHarrison: seems like the existing content on the page triggers that specific rule. So even a non-change results in the block.
As said before, will look into that later Of course! When you have the time. Perhaps then you will find the link I shared useful (at least I can only hope). Thanks again. | 10:35:26 |
| nixos-wiki-rcbot | [[Talk:Installing from Linux]] https://nixos.wiki/wiki/index.php?diff=10390&oldid=7480 * Bphd * (+392) | 11:17:25 |
| nixos-wiki-rcbot | [[Wayland]] https://nixos.wiki/wiki/index.php?diff=10391&oldid=10388 * Niahex * (+26) /* Compositors */ | 12:25:36 |
| nixos-wiki-rcbot | [[Hyprland]] N https://nixos.wiki/wiki/index.php?oldid=10392&rc_id=10960 * Niahex * (+2414) Created page with "{{Expansion|Incomplete (reason: (Adding incrementally through testing and verification.))}} [https://hyprland.org/ Hyprland] is a wlroots-based tiling [[Wayland]] compositor..." | 12:32:37 |
 @winny:matrix.org | Im going to be winding down my interest in contributing or improving this project we need leadership and we aren't getting it. Bye. | 12:33:01 |
| @winny:matrix.org left the room. | 12:33:07 |
| nixos-wiki-rcbot | [[Hyprland]] https://nixos.wiki/wiki/index.php?diff=10393&oldid=10392 * Niahex * (+79) | 12:39:38 |
