clifff @clifff

0 posts0 participants0 posts today

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · May 12

@lukeshu So I guess #Anubis has an explicit exception to handle #Lynx and will instead rely on rate-limits and other static means to detect #scrapers and handle with #UserAgent #abuse cases, like #fail2ban-style autobanning of violating IPs...

This makes sense for a #WAF like Anubis and would've been the only viable option I'm aware of.

I wounder if anyone has tried using Anubis on @torproject / #Tor to protect #OnionService|s since that would be a reasonable application for it as well.

**Paul Healey** @Dialectician@universeodon.com · May 6

May 6

Paul Healey @Dialectician@universeodon.com

So the Liberal Democrat’s are closer to what the Conservatives used to be, and the Green’s closer to what Labour once was. That leaves the Conservatives closer to the British National Party and Reform closer to the National Front? #WAF #DirtyMoneyDirtyPolitics

Replied in thread

**argv minus one** @argv_minus_one@mastodon.sdf.org · Apr 25 *

Apr 25 *

argv minus one @argv_minus_one@mastodon.sdf.org

@jmason_links

Can confirm, this is extremely lol. If attackers can read arbitrary files on your server, then you've got way bigger problems than stopping them from reading the f**king hosts file.

#WAF #cybersecurity #Cloudflare

Replied in thread

**Edelruth In The Wrong Timeline** @Edelruth@mastodon.online · Mar 4 *

Mar 4 *

Edelruth In The Wrong Timeline @Edelruth@mastodon.online

@Wheels @RickiTarr

That will be the next step for this administration, after ignoring judicial orders, it will ignore congress, and there will be no consequences.

This is a prediction.

Also, is this correct? > Congress formally controls the budget, but the administration manages the money. Once the administration has the money, if they refuse to spend per congressional budget, there is only the judiciary (ignoring), and congress (1. Controls, 2. predicted to ignore), to enforce?
#WAF

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Oct 24, 2024 *

Oct 24, 2024 *

Kevin Karhan @kkarhan@infosec.space

@LibreKitsune I still consider this a hostile act and a blatant violation of their previous #settlement that forced them into #publishing said #IPv4 #ranges...

In fact had they not actively worked against that previously and it only raised my attention when I saw errors re: said ranges.

I'm considering to build a #workaround on #GitHub to just use a #cookie and some #compute to do it, but if I had cash to spare I'd sue them into removing #ClownFlare and allowing me to scrape the list directly...

I'm very close to just sending them an #invoice for the personnel hours wasted on that bs and billing them regularly for the expense of manually checking the difference between those (@ minimum of 60:15 billable minutes)...

Otherwise I do expect regulators to actually go after #OpenAI and force them to undo the #Cloudflare-based #Enshittification, since it's neither feasible nor reasonable to claim "#DDoS-#Protection" for a 48 Bytes (!!!) file...

Every #WAF / #WebApplicationFirewall I know would not get triggered even if I were to query it once per hour (which I now do just to annoy them or rather ClownFlare!...

#waf #webapplicationfirewall