Author

Topic: CloudFlare is blocking simple PHP code posting! (Read 284 times)

administrator
Activity: 5222
Merit: 13032
Could you fix the concat error I linked to above while you are at it? Putting concat-() without the "-" in to any post will lead to the same CloudFlare warning page.

Fixed.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Test:
Code:
echo "Hello World"?>

I got the "Checking your browser before accessing bitcointalk.org." message when I clicked "Preview", after that it works again.
legendary
Activity: 2268
Merit: 18711
-snip-
Could you fix the concat error I linked to above while you are at it? Putting concat-() without the "-" in to any post will lead to the same CloudFlare warning page.

I was going to follow your instructions to email the problem, but the email link on the contact page leads to a 403 forbidden page.

Edit: The 403 page seemed to be related to my Tor exit node. A new circuit has solved it.
administrator
Activity: 5222
Merit: 13032
Fixed, thanks.

I never intend for posts to trigger that sort of "blocked" message, but Cloudflare has hundreds of rules, so sometimes it happens, and it's difficult to track down when it does. If anyone runs into this again in the future, please email both of these things to the bugs email address linked on the contact page:
 - The "ray ID" at the bottom of the "blocked" message.
 - Exactly what you tried to post.
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
Try to post the following by replacing p_h_p with php.

Code:

Damn it! Why did I had to listen to you! Cheesy



This looks like a similar problem reported by mocacinno back in 2017, when he tried to write "cmd.exe" in the post, but cloudflare did not allow it.
theymos later changed the settings on cloudflare, so maybe he can do it in this case as well.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Yep, I confirm; it happened to me today and I had to remove the ".php". It's weird, because any text that's written to a post is recognized as text from the forum software, and so should from Cloudflare.

I don't think the problem has to do with "attack with back-end execution". It's rather just a bug. How do I know? Try previewing this post which includes the php format intro and runs normally, and now try previewing this post, which is the same plus the next sentence; it will fail.
staff
Activity: 2436
Merit: 2347
The forum itself seems to be set up this way. The Cloudflare stub page says so:

Quote
This website is using a security service to protect itself from online attacks.

legendary
Activity: 2268
Merit: 18711
This has been the case for a while, at least since 2019. You'll notice if you try to quote theymos' post from 2014 explaining how the Legendary activity requirement is calculated, you'll meet the same error, triggered by the concat function. Remove/rename this function and it will let you post the code quite happily.

What makes you think it's cloudflare blocking this?
Try it yourself. You will be hit with a CloudFlare "Sorry, you have been blocked" page. You don't even need to try to make the post; hitting "preview" will do the same thing.
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
Try to post the following by replacing p_h_p with php.

Code:

What makes you think it's cloudflare blocking this?  Wouldn't it make more sense that it's code within the forum infrastructure that is altering the code as it may be possible to exploit it somehow?  That would be my first guess and seems to be the most logical.  Are you seeing something that makes you think cloudflare is altering your posts?  Personally, I don't think that's what cloudflare does, or is capable of doing.  I thought of that service as a router of data and to block malicious attacks, not alter text for users who are trying to use the protected website.  Seems like one of us is missing something here.
full member
Activity: 214
Merit: 278
Try to post the following by replacing p_h_p with php.

Code:
Jump to: