When I try to submit a post or comment containing the string [slash]etc[slash] passwd, the submit button goes into a loading state and spins indefinitely. The request is blocked by Cloudflare with status code 403. I can’t even search for the forbidden string. You have to check dev tools to find out what went wrong, this error is not handled in the UI at all.

So, if you’ve ever tried to reply to a tech issue and the UI just won’t let you, maybe this is why.

  • @[email protected]
    link
    fedilink
    English
    30
    edit-2
    7 months ago

    This smells like something being blocked by Cloudflare’s WAF (Web Application Firewall) rules. I’d imagine there might be a rule there to try to block requests that look like they could involve sensitive files like the passwd file

    https://developers.cloudflare.com/waf/

    The UI should probably alert you of there being an issue posting after getting a 403 response

    • @[email protected]
      link
      fedilink
      English
      56 months ago

      Damn even though you explained the abbreviation I still read it as Wife Approval Factor for a second and was very confused

  • @dohpaz42
    link
    English
    187 months ago

    Let’s see, I’m on lemmy.world: /etc/passwd

    • @alythOP
      link
      English
      8
      edit-2
      7 months ago

      What the heck, it consistently does not work for me. I guess that’s not the only deciding factor in why my posts don’t go through. I’ve changed the pronoun in my post from ‘you’ to ‘I’ because it doesn’t apply to everyone. ^^

      • @ilinamorato
        link
        English
        5
        edit-2
        7 months ago

        Hmm, weird. I notice that you’re using Firefox; maybe that’s the deal. I am too:

        Aha! I think that might be it! I can’t on Firefox either.

        Edit: Nope, just tried it on Boost, and that didn’t work either.

        • @ilinamorato
          link
          English
          17 months ago

          Ok, I was on the “old.” skin; let’s try the standard skin.

          Nope, it doesn’t work on the standard skin, either.

      • @marcos
        link
        English
        6
        edit-2
        7 months ago

        On the website:

        /etc/password

        Let’s see.

        EDIT: Well, maybe the Cloudfare filters are region-dependent.

  • Andrew
    link
    fedilink
    English
    147 months ago

    That’s kinda funny, in a way - unsophisticated prevention for an unsophisticated attack.

    Everyone trying to use the Internet normally suffers due to this kind of stuff.

  • @mystik
    link
    English
    14
    edit-2
    7 months ago

    ⟋etc⟋passwd ⧸etc⧸passwd /etc/passwd

    • @[email protected]
      link
      fedilink
      English
      96 months ago

      How dare you go outside the bounds of ASCII! 95 printable characters ought to be enough for anyone.

  • @[email protected]
    link
    fedilink
    English
    67 months ago

    Is it because it contains the word “ass” ? I can imagine this being caused by some poorly designed censoring software.
    I remember in 1999 or thereabouts when I was playing Ultima Online, and the same thing happened when I was a ghost trying to get back into town to get resurrected: As I instinctly tried to open the gate to enter, I got the message “Your ghostly hand p4$$es through the gate”

      • Billiam
        link
        English
        2
        edit-2
        6 months ago

        You mean a buttbuttin?

        Edit: Boost for Android won’t let me post it either.

    • @alythOP
      link
      English
      57 months ago

      I remember those shenanigans from Neopets. You couldn’t say cucumber on the forums.

  • konalt
    link
    English
    67 months ago

    Can’t post on Lemmy.World, photon desktop UI. Interesting