Comment on Can't add or remove saved posts and can't add profile picture
MrKaplan@lemmy.world 1 week agothanks for sharing this.
it seems that cloudflare’s managed rules for the OWASP are hitting a bit much lately. this request has been blocked as “Inbound Anomaly Score Exceeded” with an “OWASP score” of 49, hitting a bunch of rules in the managed OWASP ruleset, many of them relating to SQL injections. i’m gonna have a look at what we can do to tune this down.
HowRu68@lemmy.world 1 week ago
Sorry, not sure I understand, so something in your cloudfare filters may have caused the issue of not being able to edit post and or comments? Could same be true for automod functions?
MrKaplan@lemmy.world 1 week ago
seems like we’re not the only ones trouble by some changes clouflare did to their OWASP ruleset: community.cloudflare.com/t/…/19
this is a change cloudflare did to the detections they have for http requests to our server. this could affect any API calls from any clients towards our API backend, including automod actions. at most however this would prevent some automod actions from being executed, it couldn’t cause e.g. false positives.
HowRu68@lemmy.world 1 week ago
Tnx for your reply @MrKaplan@lemmy.world:
Sorry, I’m not very knowledgeable about this stuff.
So the issue lies with cloudflare and not lemmy. wold, correct? So, any info or links about this cloudfare issue known atm?
Could you perhaps please translate this into user experience, like issues with editing a post and / or a comment for users?
And if this has resulted into more strict automod functions as well?
In my case for example, an ealier post was " falsely flagged" and removed.
At this point I don’t care specifically about my old post, but this auto-mod false flag thing, could be a thing maybe?
MrKaplan@lemmy.world 1 week ago
the issue seems to stem from a change done by Cloudflare not too long ago, but that doesn’t mean that we’re unable to work around it. i’m currently implementing some changes that should help with this.
the link was included in my previous comment
for the most part, any “read” operations (looking at a post, comment, user, etc) should not be affected by this. for any “write” operations (login, posting, commenting, editing posts/comments, etc.) there seems to be a higher error rate currently related to this. in those cases the action would simply not be completed, and depending on the client (app, default web interface, alt ui) this could range from and endless loading indicator to an error being displayed to nothing being displayed.
no, and this was not an automod removal. you can see the reason why it was removed in the modlog: lemmy.world/modlog?postId=36129581
you should also have received a message from our automod informing you about the removal, but automod is only informing you about what happened, not the one taking action in this case.