Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • S sysadmin
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 84
    • Issues 84
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • tails
  • sysadmin
  • Issues
  • #17874
Closed
Open
Issue created Nov 05, 2021 by Zen Fu@zenMaintainer

Reconfigure modsecurity and turn it on for Weblate once again

After the migration to containerized Weblate, modsecurity started blocking like crazy and rendered the website unusable. We first tried removing 46 rules that matched during the 2 days after the migration (puppet-tails@9fcdd201), and then decided to turn modsecurity off (puppet-tails@63766187, puppet-tails@cb7ff9fa) until we could re-evaluate and generate a sane config in which the level of false-positives is worth the pain for translators.

This should turn on modsecurity in "log-only" mode: puppet-tails!73 (merged)

In the previous non-containerized setup, it took us a long time to get to a stable configuration, with only a handful of people reporting error messages either to the sysadmins or the weblate list. Maybe, if/when we decide to turn on modsecurity blocks on again, we should ensure good communication with translators so they know when and how to effectively help, for example by waiting for a certain period and only then start reporting URL and time to the correct place (which is to be decided).

/cc @groente @emmapeel

Edited Nov 05, 2021 by Zen Fu
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking