Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://ieji.de/users/SolSoCoG/statuses/112579682683060840">SolSoCoG (solsocog@ieji.de)'s status on Saturday, 08-Jun-2024 15:53:53 JST</a><a href="https://ieji.de/@SolSoCoG" title="solsocog@ieji.de"><img src="https://gnusocial.jp/avatar/25259-48-20230710104527.webp" width="48" height="48" alt="SolSoCoG" style="position: absolute; left: 0; top: 0;">SolSoCoG</a></section><article><p>Well. Setting the X-Forwarded-For header to 127.0.0.1 practice to cloak users ips was patched out with the last update <a href="https://github.com/mastodon/mastodon/security/advisories/GHSA-c2r5-cfqr-c553" rel="nofollow noreferrer">https://github.com/mastodon/mastodon/security/advisories/GHSA-c2r5-cfqr-c553</a> gotta find a new solution. Possibly random private ips but this will end up sending login from new IP messages every new login. <a href="https://ieji.de/tags/mastoadmin" rel="tag">#mastoadmin</a> <a href="https://ieji.de/tags/anonymity" rel="tag">#anonymity</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3210367#notice-6341098">In conversation</a><time datetime="2024-06-08T15:53:53+09:00" title="Saturday, 08-Jun-2024 15:53:53 JST">about 6 months ago</time> <span>from <span><a href="https://ieji.de/@SolSoCoG/112579682683060840" rel="external" title="Sent from ieji.de via ActivityPub">ieji.de</a></span></span><a href="https://ieji.de/@SolSoCoG/112579682683060840">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/mastodon/mastodon/security/advisories/GHSA-c2r5-cfqr-c553">Bypassing rate limiting with X-Forwarded-For header</a></h5><div></div></header><div>### SummaryRate limiting is applied to most API endpoints by default. However, in some incorrect configurations, the measure can be circumvented by setting the request header `X-Forwarded-For: ...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
SolSoCoG (solsocog@ieji.de)'s status on Saturday, 08-Jun-2024 15:53:53 JST SolSoCoG
Well. Setting the X-Forwarded-For header to 127.0.0.1 practice to cloak users ips was patched out with the last update https://github.com/mastodon/mastodon/security/advisories/GHSA-c2r5-cfqr-c553 gotta find a new solution. Possibly random private ips but this will end up sending login from new IP messages every new login. #mastoadmin #anonymity
In conversationabout 6 months ago from ieji.depermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  Bypassing rate limiting with X-Forwarded-For header
  ### Summary Rate limiting is applied to most API endpoints by default. However, in some incorrect configurations, the measure can be circumvented by setting the request header `X-Forwarded-For: ...

Public

Embed Notice

HTML Code

Corresponding Notice