Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://calckey.social/notes/9ejtmxnyz0">Simon John Green (simonjohngreen@calckey.social)'s status on Tuesday, 09-May-2023 22:16:13 JST</a><a href="https://calckey.social/@SimonJohnGreen" title="simonjohngreen@calckey.social"><img src="https://gnusocial.jp/avatar/117554-48-20230508135813.webp" width="48" height="48" alt="Simon John Green" style="position: absolute; left: 0; top: 0;">Simon John Green</a><div><a href="https://mastodon.social/@pfefferle/110338404517096308" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://mastodon.social/@pfefferle">@pfefferle@mastodon.social</a> <br><br>Just to follow up on this.<br><br>Using this:<br><a href="https://blog.rac.me.uk/tag/owasp3/">https://blog.rac.me.uk/tag/owasp3/</a><br><br>I updated '/etc/modsecurity/crs-setup.conf'<br><br>Searched for rule '900220'<br><br>And added (rather than uncomment the existing rule):<br>SecAction \<br> "id:900220,\<br>  phase:1,\<br>  nolog,\<br>  pass,\<br>  t:none,\<br>  setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/activity+json|'"<br><br>Confirmed that ModSecurity was still enable:<br>/etc/modsecurity/modsecurity.conf<br><br># SecRuleEngine DetectionOnly<br>SecRuleEngine On<br><br>Restarted Apache.<br><br>And now I can follow / unfollow the author at will.<br><br>Thank you for pointing me to this.<br><br>Cheers!</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1435140#notice-2947514">In conversation</a><time datetime="2023-05-09T22:16:13+09:00" title="Tuesday, 09-May-2023 22:16:13 JST">Tuesday, 09-May-2023 22:16:13 JST</time> <span>from <span><a href="https://calckey.social/notes/9ejtmxnyz0" rel="external" title="Sent from calckey.social via ActivityPub">calckey.social</a></span></span><a href="https://calckey.social/notes/9ejtmxnyz0">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/916893">Screenshot showing a followed user using the ActivityPub WordPress plugin.</a></label><br><a href="https://bunnyt1c.s3.us-east-005.backblazeb2.com/calckeysoc/ba92cd22-7029-459b-8d3a-46c6d3231746.png" rel="external">https://bunnyt1c.s3.us-east-005.backblazeb2.com/calckeysoc/ba92cd22-7029-459b-8d3a-46c6d3231746.png</a></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://blog.rac.me.uk/tag/owasp3/">owasp3 – Richy's Random Ramblings</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Simon John Green (simonjohngreen@calckey.social)'s status on Tuesday, 09-May-2023 22:16:13 JSTSimon John Green
in reply to
- Matthias Pfefferle
@pfefferle@mastodon.social

Just to follow up on this.

Using this:
https://blog.rac.me.uk/tag/owasp3/

I updated '/etc/modsecurity/crs-setup.conf'

Searched for rule '900220'

And added (rather than uncomment the existing rule):
SecAction \
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/activity+json|'"

Confirmed that ModSecurity was still enable:
/etc/modsecurity/modsecurity.conf

# SecRuleEngine DetectionOnly
SecRuleEngine On

Restarted Apache.

And now I can follow / unfollow the author at will.

Thank you for pointing me to this.

Cheers!
In conversationTuesday, 09-May-2023 22:16:13 JST from calckey.socialpermalink
Attachments
1. Screenshot showing a followed user using the ActivityPub WordPress plugin.
  https://bunnyt1c.s3.us-east-005.backblazeb2.com/calckeysoc/ba92cd22-7029-459b-8d3a-46c6d3231746.png
2. No result found on File_thumbnail lookup.
  owasp3 – Richy's Random Ramblings

Public

Embed Notice

HTML Code

Corresponding Notice