Cannot type "/ etc / hosts" (without the spaces)

[Wrichik Basu]

I was trying to paste the hosts file in this thread, and ran into an exception:

I can't paste the full error message from the console because PF is not allowing me to do so. Here is the error message:

Sorry, you have been blocked
You are unable to access physicsforums.com
Why have I been blocked?
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

What can I do to resolve this?
You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Cloudflare Ray ID: 743cfbb7cc8df8d7 • Your IP: <Removed_by_me> • Performance & security by Cloudflare

Upon further testing, it turns out that I can paste the hosts file, but cannot type / etc / hosts (without the spaces). Neither in code blocks nor as plain text.

 

[jack action]

Test: $\texttt{/} \texttt{etc} \texttt{/} \texttt{hosts}$

Works fine with me. (OK, I cheated a lot )

 

[I like Serena]

Quick test.

/ etc / hosts

I can confirm the problem. If I leave out the spaces in either the title or the body of the code block, then I can preview it just fine, but if I try to submit it gives the "Problem encountered" dialog and I cannot submit.

 

[Wrichik Basu]

This bug is similar to the one spotted in this thread:
https://www.physicsforums.com/threa...tion-bug-out-possibly-my-own-browser.1016515/

 

[Greg Bernhardt]

Something about the format of the content in the request is tripping CF's detection.

 

[pbuk]

CloudFlare simply won't let the string /etc/hosts through in a multipart/form-data request, presumably because this is a known attack payload. This is also the case with many other strings like <script>.

I don't think CF would be so picky about application/json content, perhaps you could persuade ZenForo to rewrite their front end XHR handler?

 

[DrJohn]

Take a screenshot, then post that.

 

[Vanadium 50]

known attack payload

That's the key. If you type content like that, you shouldn't be surprised when its blocked. ("But your honor, the gun wasn't loaded!")

 

[Wrichik Basu]

CloudFlare simply won't let the string /etc/hosts through in a multipart/form-data request, presumably because this is a known attack payload. This is also the case with many other strings like <script>.

But how did you write these?

 

[pbuk]

But how did you write these?

Click "Reply" and you'll see...

 

[Wrichik Basu]

Click "Reply" and you'll see...

This is what I see:

 

[pbuk]

This is what I see:

Ah you also have to click the [ ] icon in the editor bar to leave WYSYWIG mode.