• Hello game master! Welcome to our growing community. Please take a moment to Register (top right button, see how: Slides).

    If you use Campaign Logger, you can use the same login details - we've linked the app to this forum for secure and easy single sign-on for you.

    And please drop by the Introductions thread and say hi.

Forum Issues

JochenL

JochenL

CL Byte Sprite
Staff member
Adamantium WoA
Wizard of Story
Wizard of Combat
Gamer Lifestyle
Borderland Explorer
  • CC.com uses XenForo.
  • For some interactions it uses JS-initiated Server Calls.
  • These calls can contain redirect URLs with parameters.
  • URL-Parameters that contain URLs with parameters need to escape them.
  • For ? the code %3F is used.
  • This code may be used to trigger a vulnerability in Apache's mod_rewrite (https://ubuntu.com/security/notices/USN-6885-1).
  • Therefore, our provider obviously switched to a new version of Apache which deactivates %3F rewrites.
  • There is a flag UnsafeAllow3F to still allow rewriting of %3F.
  • We cannot overwrite this flag. Understandably so, as the vulnerability can crash the web server for all customers.
  • The effect on us is that using such an interaction triggers a "Oops, something went wrong" (or similar) popup and effectively stops executing the action.
  • My current workaround is Ctrl+Click the action which causes as new tab to appear where you can continue the action circumventing the limitation of the Rewrite Module Flag.
 
Our next action will be to move the forum to another provider where we don't share the same web server with other customers. There, we can setup the flag as we see fit. As this involves some setup and testing work, the migration will not be immediate.

I will keep you updated.
 
The situation has normalized, as far as I can tell, all actions are working again.

Sadly, there was no communication from our hosting provider, so a move to another provider is still in the pipeline.
 
You must log in or register to reply here.
Back
Top