MEPIS Community Forum

Hmmm...this problem is 'messy'. I've got a reply (that I've saved), and no matter what I try,
I can't see to find any way to NOT get this 'method not implemented' error when I try
to view/post it.

Maybe I'm misunderstanding the 'rules'?

My prospective post has some normal forward-slashed directory and file references, in 2 or 3
places. So, I need the tags around the just the first slash, in each occurrence? And, even
when that occurrence is already within 'quoted-string' tags?

[I'm about ready to just give up, and not make the post.]

Is this 'problem' something that is or will-be worked on and fixed? Or, do we all need to now
learn this new method of posting and replying?

The problem was solved as far as I know, look /etc/apt/sources.list You might have found another security "feature", maybe you have wget in the code?
Try to post (preview) part of what you post and detect where the problem is.

Yes, the slash issue was corrected for this forum and the wiki, and you are able to post normally. If it is a wget we still have that problem. If you put the bold tags around the w only it should post.
wget

wouldn't necessarily call it a problem, rather it's a security check that prevents hacker from downloading stuff from the server and/or using our servers to download stuff from elsewhere on the net.

the slash checking rule was modified, but modifying the rule for wget is a bit trickier because it can pose wider issues when checking for server side application names.

Thank you for the excellent clarification.

Not sure I follow why that it's a 'security check'. Did we have such limitation/issue in the other forums? Seems to me,
it's a bug or unnecessary side-effect from sloppy coding somewhere in this new 'phpBB' system!?

No, there's no 'wget' in my prospective failing post.

[That said, once I solve this, the issue should go away (for me, at least). So, I will keep working at figuring
out where the problem is.]

It is not the phpBB software, nor is it any coding sloppiness. It is the server we are on that has the security feature deliberately put in place. It is a different server than ML was on, and it is a shared server. The security features have been implemented by the person we share with. GoManutd has helped with the server questions and can give a far better explanation than I can.

If you like you can send me the post on my private email. If you PM me I will give you my email address.

it's an awesome piece of software called modsecurity. it's essentially a web application firewall - instead of sniffing packets it looks at payloads.

what it helps prevent are things like sql injection attacks, well known attacks, as well as providing a level of protection against unknown/undocumented attacks.

so things like sending a payload to an app that the sql server would execute and, say, turn around and send back /etc/passwd

it really is a required piece of software for any web server, as web applications become increasingly complex and interact with other web services that may, or may not be under the same "roof".

Oops...yes, there IS a w-get, which was the cause of my grief.

[Putting tags around the w wasn't quite the total answer, because then those tags don't dissappear
when you view it, if the w-get is within a larger 'code' tagged sequence, so I had to eliminate the code tags.]

Correct. In a regular posting they will make the w appear bold, In code they show as the tags. Which is as expected since code is exactly that, and will show any code tags. Sorry that was a bit redundant, but I could not find another way to express it.