[Qgis-psc] qgis.org was redirecting to /ru/site/ temporarily
Richard Duivenvoorde
rdmailings at duif.net
Fri Nov 25 13:02:48 PST 2022
Yes, I've seen this behaviour also (not only to russion, also to french etc)...
Since years(!) we have some rules like:
RewriteCond %{HTTP:Accept-Language} ^ca [NC]
RewriteRule ^/$ /ca/site/ [L,R=301]
RewriteCond %{HTTP:Accept-Language} ^da [NC]
RewriteRule ^/$ /da/site/ [L,R=301]
RewriteCond %{HTTP:Accept-Language} ^de [NC]
RewriteRule ^/$ /de/site/ [L,R=301]
in our apache configs
And this has worked for a long time. I really don't know how this could be compromised, other that somebody in a proxy would be able to change the headers...
Which make me think that the only thing which can do this is Cloudflare (also looking into your image)
Maybe somebody can try to contact them?
Another possibility is that there is some http-caching somewhere in the route? Which does something with the headers? Or is not checking them?
Regards,
Richard Duivenvoorde
On 11/25/22 21:10, Johannes Kröger (WhereGroup) wrote:
Hey you lovely people,
>
> this might have been a temporary configuration mistake or anything but in the current climate one has to assume a compromise/attack:
>
> Some minutes ago I was visiting qgis.org in my browser and the website was in cyrillic. I noticed the URL was https://qgis.org/ru/site/
>
> My requests came from a German IP and my browser locale should be set to something English so this was surprising and had never happened before. I am fairly sure that my system was not compromised.
>
> I checked with curl -I and I was being redirected to that language. A few moments later I checked again and it was back to /en/
>
> Here are my curl responses with the Cloudflare stuff if it helps pinpointing the moment or processes involved: https://pastebin.com/raw/36HwcxKW
>
> Not sure if this is the right mailing list but I didn't want to spread FUD on -user and no one was on IRC so this seemed like the best choice. Please forward it to people who can check the server(s) if they aren't reading here. Thanks!
>
> Cheers, Hannes
>
> _______________________________________________
> Qgis-psc mailing list
> Qgis-psc at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/qgis-psc
More information about the Qgis-psc
mailing list