[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] Any idea what one can do about the people who feel the ne
|
From: |
Tim Chase |
|
Subject: |
Re: [Lynx-dev] Any idea what one can do about the people who feel the need to block lynx |
|
Date: |
Mon, 22 Jun 2020 22:19:55 -0500 |
On 2020-06-22 23:30, Claudio Calvelli wrote:
> Any suggestion on what one can tell these ignorants so they may
> learn something?
I know that the OWASP "Core Rule Set (CRS)" (prior to version 3.0) for
the Apache "mod_security" module had blocking based on the User-Agent
header that included lynx and curl (at least until a more recent
release)
https://en.wikipedia.org/wiki/ModSecurity#Former_Lynx_browser_blocking
so if admins are just downloading a "yep, sounds like a good default
list to me" configuration without actually checking what it blocks,
lynx users can end up with "406 Not Acceptable" errors. If you
encounter those and tweaking your settings so that lynx sends the
user-agent with "l_y_n_x" instead of "lynx" and that solves it, you
might have better luck asking the admin to upgrade to CRS3 which
solves the issue.
That said, because you're getting a 403 rather than a 406, it sounds
like that might not be the case here.
-tim