Cloud flare cramping forum posts style

[Opticblaze]

Hi there,

Sorry to use the message board for this, but i have no idea where or who this should be sent to. I have been using the forums for years and now when i post (even the most mundane code) i get this message. The message in of itself is not a problem, but rather the fact that there is not email address or button to submit the cloud flare notice to. Any ideas?

[Martine bloem]

I'm sure the devs will allow you off their blocklist as a longtime loyal visitor :) but I would be curious about how you came to be there in the first place.

They say 'mysql queries' may be to blame? I wonder how strictly cloudflare would interpret them, this being a developers site and all...

Do they use external blacklists, does anyone know?

Martine

Op 27 feb. 2016 om 09:03 heeft Opticblaze <web_m...@opticblaze.co.za> het volgende geschreven:

Hi there,

Sorry to use the message board for this, but i have no idea where or who this should be sent to. I have been using the forums for years and now when i post (even the most mundane code) i get this message. The message in of itself is not a problem, but rather the fact that there is not email address or button to submit the cloud flare notice to. Any ideas?

<Auto Generated Inline Image 1>

--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at https://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/d/optout.

<Auto Generated Inline Image 1>

[Opticblaze]

I think it was something in my code/query that freaked the system out. (I have attached it) the post was regarding inner joins in Silverstripe.

[Cam Findlay]

Cheers guys I'll look in to it. While we are running CloudFlare, we're not pushing it hard on silverstripe.org (in terms of caching etc). I'll see if there is a setting we can tone down or something while still trying to protect community members from uber spam.

Cheers,

Cam

[Opticblaze]

Thanks Cam,

Even if it just had a submit button on it where you could submit the post for review that would be great. I understand the need for security.

[Cam Findlay]

Just looked into this... CloudFlare's "block dodgy stuff" is set to  "Medium", the question now is, lower this to "Low" however we'd have to perhaps accept a bit more spammy stuff in forums (which we can clean up if pointed out) or leave as it. 

Discuss...

[Patrick Nelson]

I'd say before you go adjusting settings, is there a way for you to easily test the sensitivity of it? i.e. reproduce his issue in an isolated environment and then continuously tweak the settings until it stops (if at all) to verify that's indeed the issue and then at what threshold it ceases. I'm not familiar with CloudFlare settings per se, but do they have more granular settings than one single "block dodgy stuff" or were you being facetious? ;)

[Martimiz]

Took some time to check the example post in Opticblaze's attachment. Turns out that having Varchar(50) in a post got me blocked

Varchar(234) same thing, I suppose all numbers. Just Varchar was ok, but even xxVarchar(50) was enough for a block again.

Haven't checked against other content, as that takes amn awfull lot of time :)

Martine

[Opticblaze]

I also noticed that when i used LeftJoin or InnerJoin that it caused hassles.....so i wonder if sql type commands in general will cause issues.

[Cam Findlay]

Cheers for the detective work guys. I'll see what I can find out about this. If we were any site other than a software dev site, this would be useful :D

[Daniel Hensby]

Sounds like it's Cloudflare's WAF services trying to automatically block SQL injections - looks like it's not so clever on a dev forum!

[Opticblaze]

I removed the Varchar(50) from the code and tried again. Not sure if Cam reduced the CloudFlare settings, but the post was successful when i tried it again, even when i used innerJoin.
http://www.silverstripe.org/community/forums/data-model-questions/show/111699

[Martine Bloem]

Yep. Varchar(50) is eeeeevil!

--

[Florian Thoma]

How about using https://www.section.io/ instead of cloudflare? That's a varnish cache in the cloud where you can configure everything to your liking.

[Florian Thoma]

I have just published a mobule stub on https://github.com/xini/silverstripe-section-io with some information about section.io usage. It's early days any barely anything there, but it's a start... Happy to accept any pull requests ;)

[Cam Findlay]

Ok thanks for those suggestion. I did tweak some settings about a week ago. Can someone confirm whether it's being a bit more liberal now in terms of posting code examples?

Thanks.

Cam

On Saturday, 27 February 2016 21:03:14 UTC+13, Opticblaze wrote:

[Opticblaze]

Hi Cam,

I managed to get my post sorted without any hassles. Looks like it is all working fine now.

[Cam Findlay]

Excellent, happy to be of service :)