Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Couldn't find a Vanilla Forum at this url :/

crewockeezcrewockeez New
in Vanilla 2.0 - 2.8

forum url >> talk.likehusky.com

Tagged:

Comments

  • Options
    x00x00 MVP 
    $ curl http://talk.likehusky.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

    So it is preventing basic curl requests. This server specific security.

    Note if you supply a user agent, it works

    $ curl -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0" http://talk.likehusky.com
....

    it won't make difference because in fact the request for comment is made in ajax. Just make sure the blog is public, and you can safely ignore that error.

    grep is your friend.

  • Options
    x00x00 MVP

    I just thought of something the request to the forum is ajax, but the request back to the blog isn't. It is a curl request.

    Just checked a user agent is provided so you should be ok. it will basically use HTTP_USER_AGENT of the requester, like proxying the request including the agent information.

    So it is just that wordpress plugin check that lacks that meta. Nothing to worry about.

    Moral of the story is the agent is unimportant and totally irrelevant, so long as you provide one. ;)

    grep is your friend.

  • Options
    crewockeezcrewockeez New

    How to ????

    sorry i don't live eng. i live thailand

  • Options
    x00x00 MVP

    @crewockeez what I'm saying is you can ignore that check.

    grep is your friend.

  • Options
    crewockeezcrewockeez New

    @x00 said:

    $ curl http://talk.likehusky.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

    So it is preventing basic curl requests. This server specific security.

    Note if you supply a user agent, it works

    $ curl -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0" http://talk.likehusky.com
....

    it won't make difference because in fact the request for comment is made in ajax. Just make sure the blog is public, and you can safely ignore that error.

    Where edit code ?

  • Options
    x00x00 MVP

    It is not a code error. Or related to vanilla.

    Your server rules turn down request that are made by agents that don't provide a name. Since all browser and nearly all legitimate bots do, it is nothing to worry about. it is even a technically a security feature.

    Like I said you can ignore the check. if it really bothers then you can open up a ticket for that wordpress plugin. it won't change your server rule, just ensure that the pluign include the agent name.

    grep is your friend.

Sign In or Register to comment.