Hosting renewal and hiwthi domain renewal (Dreamhost)
167.83usd (€171.52 / $167.83 / £150.00)
Post created with https://apps.rhiaro.co.uk/latinum
Hosting renewal and hiwthi domain renewal (Dreamhost)
167.83usd (€171.52 / $167.83 / £150.00)
Post created with https://apps.rhiaro.co.uk/latinum
Hosting renewal (Dreamhost)
155.88usd (€134.46 / $155.88 / £113.56)
Post created with https://apps.rhiaro.co.uk/latinum
Domain renewal (Dreamhost)
17.99usd (€15.34 / $17.99 / £13.19)
Post created with https://apps.rhiaro.co.uk/latinum
Dreamhost broke my ActivityPub C2S with changes to Apache mod_security rules today. They have fixed it now, and not explained exactly what was wrong. I debugged it sufficiently from the server error logs to decide it was probably their fault and not mine (my code hadn't changed and I couldn't reproduce it locally. The logs said things like:
ModSecurity: Warning. Pattern match "[\\\ \\\ ]" at REQUEST_FILENAME. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "219"] [id "921190"] [msg "HTTP Splitting (CR/LF in request filename detected)"] [data "Matched Data: user-agent found within REQUEST_FILENAME: /.\\x0a
and
ModSecurity: Warning. Operator GE matched 7 at TX:inbound_anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/RESPONSE-980-CORRELATION.conf"] [line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"]
and
ModSecurity: Rule 3525d796f28 [id "932110"][file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "256"] - Execution error - PCRE limits exceeded (-8): (null).
and
ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "970"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/ld+json|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"]
which are not settings I've had to mess with before, so I'm glad I pay other people to deal with this for me.
I'm just dropping this all here in case other people have similar problems and are searching.. (I don't think POST
ing forms between origins is that niche, but doing it with JSON-LD payloads might be, and it might come up more as more people realise the diverse-clients-generic-servers decentralised social web dream...
Post created with https://apps.rhiaro.co.uk/no-ceremonies-are-necessary
Hosting renewal (Dreamhost)
119.40usd (€102.07 / $119.4 / £91.93)
Post created with https://apps.rhiaro.co.uk/latinum
Domain renewal (Dreamhost)
15.99usd (€13.65 / $15.99 / £12.32)
Post created with https://apps.rhiaro.co.uk/latinum
Domain renewal (Dreamhost)
15.99usd (€14.33)
Over the next couple of days I'm moving webhosts. So probably not a good time to expect me to get your email.
Domain renewal (Dreamhost)
13usd (€11.20 / $13.00 / £9.93)
I opened DreamHost's email newsletter to unsubscribe, but then I saw this:
Well played.
Post created with https://rhiaro.co.uk/sloph
Woah woah woah! I just added an SSL certificate to my new Dreamhost account. Check this out:
Beat that every other web host, I dare you.
Post created with https://rhiaro.co.uk/sloph