Problem with this forum and cloudflare sec

@Admin

hello H. I ran into some problem in this forum

transparent frame from cloudflare appears requiring recaptcha

if a new topic is opened - normal popup from CF is displayed correctly

but if you reply to someone in this forum - popup is broken and splits trough page

try this

copy this below

<script type = "text / javascript"> </ script>

and paste it in the reply text field

then select it

and format it as CODE

then click preview

and watch

1 Like

and also when I post this topic

JSON show up

btw. You should remove this line “Confirm Google Webmaster with HTML file”

from here https://infinityfree.net/support/javascript-error-using-api-or-mobile-android-app/

because this works

I tried reducing characters and actually this is a trigger <&/ script>
without &
otherwise I’m not able to send a post

Likely Cloudflare’s security filter sees pasting code as an XSS attempt or something like that. I will check why you get that error.

@OxyDac said:
btw. You should remove this line “Confirm Google Webmaster with HTML file”

from here https://infinityfree.net/support/javascript-error-using-api-or-mobile-android-app/

because this works

Last time I checked, it didn’t. I’ll recheck that as well. Still, DNS records are a viable alternative for which I know it works.

about webmaster tools aka search

you need to download html file again from google
even if the old one already exist and with same name

I did it for my site last year and it’s OK

even pinterest validation passes :slight_smile:

Well, as expected, your Javascript snippet triggered Cloudflare’s XSS vulnerability filter. I’ve relaxed the firewall a bit now, please try if you are still being blocked.

You are fast B)

Forum works well ! tested

I have nothing against XSS vulnerability filter.
My only problem was that I did not go through recaptcha because it was broken.
No pictures of buses, signs, roads, etc. only transparent frame with cloudflare-ray error + my IP and some text across the entire forum related to malware, so I was not able to post.

Thank you for your time H.

@OxyDac said:
You are fast B)

Forum works well ! tested

Disabling a firewall rule is super simple: look up an IP address in Cloudflare’s firewall log, look up the matched rule ID and disable that rule in the security system. XSS filters are normally useful, unless people are supposed to submit code snippets and the receiving applications are adequately protected.

I have nothing against XSS vulnerability filter.
My only problem was that I did not go through recaptcha because it was broken.
No pictures of buses, signs, roads, etc. only transparent frame with cloudflare-ray error + my IP and some text across the entire forum related to malware, so I was not able to post.

Thank you for your time H.

Yes, the posts are submitted through AJAX and Cloudflare’s security system can’t show a nice interstitial page for submissions like that.

1 Like