GitLab

After the migration to containerized Weblate, modsecurity started blocking like crazy and rendered the website unusable. We first tried removing 46 rules that matched during the 2 days after the migration (puppet-tails@9fcdd201), and then decided to turn modsecurity off (puppet-tails@63766187, puppet-tails@cb7ff9fa) until we could re-evaluate and generate a sane config in which the level of false-positives is worth the pain for translators.

This should turn on modsecurity in "log-only" mode: puppet-tails!73 (merged)

In the previous non-containerized setup, it took us a long time to get to a stable configuration, with only a handful of people reporting error messages either to the sysadmins or the weblate list. Maybe, if/when we decide to turn on modsecurity blocks on again, we should ensure good communication with translators so they know when and how to effectively help, for example by waiting for a certain period and only then start reporting URL and time to the correct place (which is to be decided).

/cc @groente @emmapeel