[Qgis-psc] qgis.org was redirecting to /ru/site/ temporarily

Johannes Kröger (WhereGroup) johannes.kroeger at wheregroup.com
Fri Nov 25 15:04:44 PST 2022


Phew, I am glad to hear that it does sound like a random issue, not that 
someone or something tried to specifically redirect to that language. :)

Fingers crossed for finding the bug, sounds pretty hard to pinpoint!

On 25.11.22 at 22:02, Richard Duivenvoorde wrote:
> Yes, I've seen this behaviour also (not only to Russian, also to 
> French etc)...
>
> For years(!) we have had some rules like:
>
> RewriteCond %{HTTP:Accept-Language} ^ca [NC]
> RewriteRule ^/$ /ca/site/ [L,R=301]
> RewriteCond %{HTTP:Accept-Language} ^da [NC]
> RewriteRule ^/$ /da/site/ [L,R=301]
> RewriteCond %{HTTP:Accept-Language} ^de [NC]
> RewriteRule ^/$ /de/site/ [L,R=301]
>
> in our apache configs
>
> And this has worked for a long time. I really don't know how this 
> could be compromised, other than somebody in a proxy would be able to 
> change the headers...
> Which makes me think that the only thing which can do this is 
> Cloudflare (also looking into your image)
>
> Maybe somebody can try to contact them?
>
> Another possibility is that there is some http-caching somewhere in 
> the route? Which does something with the headers? Or is not checking 
> them?
>
> Regards,
>
> Richard Duivenvoorde
>
>
> On 11/25/22 21:10, Johannes Kröger (WhereGroup) wrote:
>
>> Hey you lovely people,
>>
>> this might have been a temporary configuration mistake or anything 
>> but in the current climate one has to assume a compromise/attack:
>>
>> Some minutes ago I was visiting qgis.org in my browser and the 
>> website was in Cyrillic. I noticed the URL was https://qgis.org/ru/site/
>>
>> My requests came from a German IP and my browser locale should be set 
>> to something English so this was surprising and had never happened 
>> before. I am fairly sure that my system was not compromised.
>>
>> I checked with curl -I and I was being redirected to that language. A 
>> few moments later I checked again and it was back to /en/
>>
>> Here are my curl responses with the Cloudflare stuff if it helps 
>> pinpointing the moment or processes involved: 
>> https://pastebin.com/raw/36HwcxKW
>>
>> Not sure if this is the right mailing list but I didn't want to 
>> spread FUD on -user and no one was on IRC so this seemed like the 
>> best choice. Please forward it to people who can check the server(s) 
>> if they aren't reading here. Thanks!
>>
>> Cheers, Hannes
>>
>> _______________________________________________
>> Qgis-psc mailing list
>> Qgis-psc at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/qgis-psc

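The caching hypothesis raised in the quoted reply (a cache in the route that does not check the request headers) can be replayed in a small simulation. This is an added example, not code from the thread or from the QGIS servers: `SharedCache`, its TTL and the visitor list are constructed, and the page does not establish that this is what happened to qgis.org.

```python
import re

# Language prefixes from the three rules quoted in the thread.
RULES = [("ca", "/ca/site/"), ("da", "/da/site/"), ("de", "/de/site/")]

def origin(path, accept_language):
    """Mimic the quoted RewriteCond/RewriteRule pairs; return a redirect target or None."""
    if path == "/":
        for prefix, target in RULES:
            # '^xx [NC]' is a case-insensitive match at the start of the header
            if re.match(prefix, accept_language, re.IGNORECASE):
                return target
    return None  # assumption: no quoted rule matched, request is handled elsewhere

class SharedCache:
    """Hypothetical intermediary cache; key_headers are the request headers in the cache key."""
    def __init__(self, key_headers=(), ttl=60):
        self.key_headers, self.ttl, self.store = key_headers, ttl, {}

    def fetch(self, path, headers, now):
        key = (path,) + tuple(headers.get(h, "") for h in self.key_headers)
        hit = self.store.get(key)
        if hit and now - hit[0] < self.ttl:
            return hit[1]  # served from cache, origin rules never see this request
        target = origin(path, headers.get("Accept-Language", ""))
        self.store[key] = (now, target)
        return target

# Constructed visitors: (seconds since start, Accept-Language header)
VISITORS = [(0, "de-DE,de;q=0.9"), (10, "en-US,en;q=0.5"), (20, "ca"), (90, "en-GB")]

def replay(cache):
    """Send every constructed visitor to '/' through the given cache."""
    return [cache.fetch("/", {"Accept-Language": al}, t) for t, al in VISITORS]

if __name__ == "__main__":
    # Keyed on URL only: the first visitor's language redirect is replayed to everyone
    # until the entry expires, then the behaviour silently returns to normal.
    print("URL-only key:       ", replay(SharedCache(key_headers=())))
    # Keyed on URL plus Accept-Language: each visitor gets the redirect for their header.
    print("Accept-Language key:", replay(SharedCache(key_headers=("Accept-Language",))))
```

With the URL-only key, the wrong-language redirect disappears on its own once the entry expires, which is why a repeat `curl -I` a few moments later can look normal again.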