Can't preview a post (attempted RFI/LFI detected and blocked)

Discussion in 'Site and Forum Feedback' started by grahamperrin, Dec 29, 2014.

  1. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #1
    At http://forums.macrumors.com/newreply.php?do=newreply&noquote=1&p=20538045 In response to http://forums.macrumors.com/showthread.php?p=20538045#post20538045, whenever I attempt to preview my draft response – with the text that's currently at http://pastebin.com/BG0PuZhC – there's a problem:

    Sucuri WebSite Firewall - CloudProxy - Access Denied

    Most recently at http://forums.macrumors.com/newreply.php?do=postreply&t=1753408 I see:

    ----

    What is going on?

    You are not allowed to access the requested page. If you are the site owner, please open a ticket in our support page if you think it was caused by an error: https://support.sucuri.net. If you are not the owner of the web site, you can contact us at soc@sucuri.net. Also make sure to include the block details (displayed below), so we can better troubleshoot the error.

    Block details

    Your IP: 2.96.227.77
    URL: forums.macrumors.com/newreply.php?do=postreply&t=1753408
    Your Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.3.12 (KHTML, like Gecko) Version/7.1.3 Safari/537.85.12
    Block ID: RFI009
    Block reason: An attempted RFI/LFI was detected and blocked.
    Time: Mon, 29 Dec 2014 19:03:56 -0500
    Server ID: cp220​

    ----

    If I use dummy text for the draft, preview succeeds.

    I can't see what's wrong with the true text of my draft. TextWrangler finds non-ASCII characters but no other type of gremlin.

    Any ideas?

    Thanks
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    That Sucuri is a forum security setup used here, but I'm not sure why it would be blocking your post.

    I've asked the admin staff to take a look at it for you Graham.
     
  3. WildCowboy Administrator/Editor

    WildCowboy

    Staff Member

    Joined:
    Jan 20, 2005
    #3
    The last bit in CODE tags is triggering the block because Sucuri thinks it's malicious code. I'll ping arn about it once he's around and see if there are any tweaks we can make.
     
  4. Scepticalscribe Contributor

    Scepticalscribe

    Joined:
    Jul 29, 2008
    Location:
    The Far Horizon
    #4
    Actually, this has happened to me a few times in recent weeks as well. I had wondered what it was, but never thought to mention it here. Thanks for raising it.
     
  5. grahamperrin thread starter macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #5
    Sucuri problem with two dots .. in a string

    Thanks for reduction. I reproduced the problem without markdown.

    No problem with the following string:

    sh-3.2$ cd $TMPDIR/./C/

    – but that's not the required string. Make it two dots (parent directory) instead of one –

    ..

    and preview of the string will be blocked.

    ----

    For myself I worked around the problem by linking from today's http://forums.macrumors.com/showthread.php?p=20540942#post20 to http://pastebin.com/Ku7HKvS1
     

Share This Page