Receive this error when attempting to add or remove saved post: Client error. Code: 403. Message: Rate limit timed out…

Also, adding a profile picture produces “Server understood request but denied it.”

  • MrKaplan@lemmy.worldM
    6 days ago

    thanks for sharing this.

    it seems that cloudflare’s managed rules for the OWASP are hitting a bit much lately. this request has been blocked as “Inbound Anomaly Score Exceeded” with an “OWASP score” of 49, hitting a bunch of rules in the managed OWASP ruleset, many of them relating to SQL injections. i’m gonna have a look at what we can do to tune this down.

    • Riddick3001@lemmy.world
      6 days ago

      seems that cloudflare’s managed rules

      Sorry, not sure I understand, so something in your cloudflare filters may have caused the issue of not being able to edit post and/or comments? Could same be true for automod functions?

      • MrKaplan@lemmy.worldM
        6 days ago

        seems like we’re not the only ones troubled by some changes cloudflare did to their OWASP ruleset: https://community.cloudflare.com/t/owasp-ruleset-unexpectedly-has-a-high-false-positive-rate/814544/19

        this is a change cloudflare did to the detections they have for http requests to our server. this could affect any API calls from any clients towards our API backend, including automod actions. at most however this would prevent some automod actions from being executed, it couldn’t cause e.g. false positives.

        • Riddick3001@lemmy.world
          6 days ago

          Tnx for your reply @MrKaplan@lemmy.world:

          Sorry, I’m not very knowledgeable about this stuff.

          So the issue lies with cloudflare and not lemmy.world, correct? So, any info or links about this cloudflare issue known atm?

          Could you perhaps please translate this into user experience, like issues with editing a post and / or a comment for users?

          And if this has resulted into more strict automod functions as well?

          In my case for example, an earlier post was "falsely flagged" and removed.

          At this point I don’t care specifically about my old post, but this auto-mod false flag thing, could be a thing maybe?

          • MrKaplan@lemmy.worldM
            6 days ago

            the issue lies with cloudflare and not lemmy.world, correct?

            the issue seems to stem from a change done by Cloudflare not too long ago, but that doesn’t mean that we’re unable to work around it. i’m currently implementing some changes that should help with this.

            any info or links about this cloudflare issue known atm?

            the link was included in my previous comment

            please translate this into user experience

            for the most part, any “read” operations (looking at a post, comment, user, etc) should not be affected by this. for any “write” operations (login, posting, commenting, editing posts/comments, etc.) there seems to be a higher error rate currently related to this. in those cases the action would simply not be completed, and depending on the client (app, default web interface, alt ui) this could range from an endless loading indicator to an error being displayed to nothing being displayed.

            if this has resulted into more strict automod functions

            no, and this was not an automod removal. you can see the reason why it was removed in the modlog: https://lemmy.world/modlog?postId=36129581

            you should also have received a message from our automod informing you about the removal, but automod is only informing you about what happened, not the one taking action in this case.

            • Riddick3001@lemmy.world
              6 days ago
              1. Thanks and check. Would be nice if you could find a workaround.

              Also, TIL, and I just looked up what that OWASP all meant via this link owasp, so like a firewall and the rules.

              “Each rule in the OWASP managed ruleset is associated with a paranoia level. Rules associated with higher paranoia levels are considered more aggressive and provide increased protection. However, they might cause more legitimate traffic to get blocked due to false positives.”

              2. And yes, I got a report as to the reason why my Post was removed via the auto-mod. I also consulted the community mods but no response.

              My 95% chance guess is that apparently the publishers had changed one word in the title, as I always copy the suggested title: the word “Brainwashing” was changed into "Indoctrination", hours after I made the post… So, still imo a bit of paranoid auto mod.
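
An added example, not part of the thread and not Cloudflare's or lemmy.world's code: a minimal model of the anomaly scoring and paranoia levels discussed above, showing how a legitimate comment that mentions SQL accumulates score until it crosses the block threshold. The rules, rule ids and sample comment are constructed for illustration; the severity scores are the OWASP CRS defaults and the thresholds are the values Cloudflare documents for its High/Medium/Low sensitivity settings, neither of which is stated in the thread.

```python
import re
from dataclasses import dataclass

# CRS default severity scores and Cloudflare's score thresholds per sensitivity.
SEVERITY = {"critical": 5, "error": 4, "warning": 3, "notice": 2}
THRESHOLD = {"high": 25, "medium": 40, "low": 60}

@dataclass(frozen=True)
class Rule:
    rule_id: str      # constructed id, not a real CRS/Cloudflare rule id
    paranoia: int     # rule only runs at this paranoia level or above
    severity: str
    pattern: str

# Constructed, simplified stand-ins for SQLi-style signatures.
RULES = [
    Rule("demo-select-from", 1, "critical", r"(?i)\bselect\b.+\bfrom\b"),
    Rule("demo-union-select", 1, "critical", r"(?i)\bunion\s+select\b"),
    Rule("demo-sql-comment", 2, "critical", r"--\s"),
    Rule("demo-terminator", 2, "warning", r";"),
    Rule("demo-where", 3, "critical", r"(?i)\bwhere\b"),
    Rule("demo-special-chars", 4, "warning", r"(?:[^\w\s].*?){4}"),
]

def score_request(body, paranoia_level):
    """Return (anomaly score, ids of matching rules) for one request body."""
    hits = [r for r in RULES
            if r.paranoia <= paranoia_level and re.search(r.pattern, body)]
    return sum(SEVERITY[r.severity] for r in hits), [r.rule_id for r in hits]

def is_blocked(score, sensitivity):
    """Block when the summed score reaches the configured threshold."""
    return score >= THRESHOLD[sensitivity]

# Constructed sample: a legitimate comment that happens to discuss SQL.
BENIGN_COMMENT = ("My query was: SELECT title FROM posts WHERE score > 10 "
                  "UNION SELECT title FROM saved; -- works now")

if __name__ == "__main__":
    for pl in (1, 2, 3, 4):
        score, hits = score_request(BENIGN_COMMENT, pl)
        print(f"PL{pl}: score={score} blocked@high={is_blocked(score, 'high')} {hits}")
    # The score reported in the thread, against each sensitivity setting.
    for s in THRESHOLD:
        print(f"score 49 @ {s}: blocked={is_blocked(49, s)}")
```

No single match blocks the request; the block comes from the sum, which is why tuning usually means lowering the paranoia level, raising the threshold, or exempting specific write endpoints rather than hunting for one bad rule.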