Methods of avoiding Cloudflare blocks when posting code
Numerous members have complained about the inability to paste code snippets here at LQ. This is an especially important issue for participants of the Programming forum, for obvious reasons.
The problem is not caused by LQ itself, unless you wish to blame LQ for using Cloudflare (which I admit has crossed my mind). But the truth is that for a public facing website such as LQ to be available at all in the current abusive social and internet environments it must either have knowledgable staff dedicated to management of the problem or subscribe to external services to manage the problem. LQ has chosen to use Cloudflare. Cloudflare applies multiple criteria to different parts of the problem, but here we focus on only 1: Pattern matched blocks. Incomming requests are scanned for patterns frequently found in intrusion and exploit attempts, and blocks those requests. For example, this simple code snippet... Code:
<?php Quote:
Surely there is a more sensible way to resolve this annoyance! A little trial and error will show that it is the string of characters <?php which produces the blocking match in this case, so the question then becomes how to prevent the match without obscuring the code for other members? There are multiple ways of doing this, but the one I use most, and one that is easy for even me to remember is to break up that string with BB code markup which produces no effect in the web page when viewed, such as empty italics: Code:
<?[i][/i]php When you are blocked, take a deep breath, refrain from kicking the cat, hit the browser's Back button, and try to identify the cause by successively removing sections of code to narrow the possibilities (often there may be more than one)! When you find it, try the above method of breaking up the matched pattern to slip past the censors! Although I have posted only one example, I have seen many in various programming languages, filesystem paths and even in comment text. The matching rules almost certainly change continuously to match whatever Cloudflare defines as the current threat level, so what works today may not work tomorrow. I have started this thread mostly as a repository for examples of blocking code snippets and methods of avoiding the blocks. Discussion of the larger problem will surely take place as well, but let's try to focus on identifying common causes of blocks and their solutions as much as possible. So when you encounter a block please return here and post the offending pattern, and the fix you use to get around it here at LQ. If you find one you cannot easily work around, describe it as clearrly as you can we will try to make it work! |
Script tags will trigger a cloudflare redirect. So will nmap, netcat, some python, some C, even some bash.
From this pages source code: <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/yui/2.9.0/yahoo-dom-event/yahoo-dom-event.js?v=3810b1"></script> You have to do something with script tags. Either alter the tags or maybe just colorize the text like a syntax highlighting text editor does. However, that wont preserve bump overs, which are essential for python, and make other source code look neat. Code:
_script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/yui/2.9.0/yahoo-dom-event/yahoo-dom-event.js?v=3810b1"></script_ |
I guess I should identify what browser would post and would not post.
Code:
#No Since that last openssl update, dillo is dead again for LQ. Probably not going to spend much time on it, So can't speak for it. My point, the web browser that you are using makes a difference. I know that I did not have scripts on in the webengine browser. Doesn't make any difference, tried it before. And I'm not resisting browser fingerprinting in either one, altering the request header, or refusing cookies. |
I too have seen some HTML tags blocked. In particular, any attempt to post a <script ...> tag, even an empty one...
Code:
<script></script> ... results in a blocked request with this singularly useless warning: Quote:
As with the above script tag example, we should be able to identify and work around common cases which affect most users, and work out simple, reliable methods of getting past the block for purposes of asking and answering questions. The method of identifying the minimal matching examples and breaking those strings with "invisible" content has proven to be general enough to work in most cases I have encountered, including the above <script> tag case. Code:
<sc[i][/i]ript><[i][/i]/script> |
Yes, I've done that before. I used bold tags.
Code:
<script type="text/javascript" src="https://www.linuxquestions.org/questions/clientscript/vbulletin_global.js?v=3810b1"></script> Like astrogeek said: <sc[b][/b]ript type="https://www.linuxquestions.org/questions/clientscript/vbulletin_global.js?v=3810b1"></sc[b][/b]ript> |
Thank you very much astrogeek.
This is exactly the kind of answer I was hoping to get. With this I can DO SOMETHING. R |
Example that worked for me - Thank you astrogeek!
Cloudthing doesn't like <?_hp. - Fix <?p[i][i/]hp JAVASCRIPT var request=$.ajax({ url: "exiftools_php/exec_exiftools_v0.1.php", data: { ajaxArr, "srcdir": "<?p[i][i/]hp echo $imageSrcDir; ?>" , "targetdir": "<?p[i][i/]hp echo $imageTargetDir; ?>"}, type: "POST", dataType : "json" }) |
Yup, that will work if done right.
Code:
var request=$.ajax({ |
teckk are you saying that changing the color will do the same as i /i (with brackets)
|
No. I've been working on a python script off and on for a while that adds syntax highlighting before and after keywords. Feed it a code block, and it will highlight it with bb code color tags. Not really necessary, but it looks nice.
And, now that I know how to break up script, php etc., so that it will post. Not too hard to add that. Every time it encounters script, change it to <sc[b][/b]ript Just need to add to a list of keywords that need to be altered, when they are found. Sounds like the best way to do it. Run it through an automatic parser/editor. I wish that there was bb tags for changing background color. |
All times are GMT -5. The time now is 12:21 PM. |