[Qgis-psc] qgis.org was redirecting to /ru/site/ temporarily
Nyall Dawson
nyall.dawson at gmail.com
Fri Nov 25 15:39:32 PST 2022
On Sat, 26 Nov 2022, 7:14 am Richard Duivenvoorde, <rdmailings at duif.net>
wrote:
> Yes, I've seen this behaviour also (not only to russion, also to french
> etc)...
>
> Since years(!) we have some rules like:
>
> RewriteCond %{HTTP:Accept-Language} ^ca [NC]
> RewriteRule ^/$ /ca/site/ [L,R=301]
> RewriteCond %{HTTP:Accept-Language} ^da [NC]
> RewriteRule ^/$ /da/site/ [L,R=301]
> RewriteCond %{HTTP:Accept-Language} ^de [NC]
> RewriteRule ^/$ /de/site/ [L,R=301]
>
Just putting this out there: let's remove the Russian language redirect
entirely? It's not a good impression at all for the site to mistakenly go
to a Russian version, of all languages. I'd very much prefer a mistake
which gave me the qgis website in spanish, french,...
Just not Russian 😡
Nyall
> in our apache configs
>
> And this has worked for a long time. I really don't know how this could be
> compromised, other that somebody in a proxy would be able to change the
> headers...
> Which make me think that the only thing which can do this is Cloudflare
> (also looking into your image)
>
> Maybe somebody can try to contact them?
>
> Another possibility is that there is some http-caching somewhere in the
> route? Which does something with the headers? Or is not checking them?
>
> Regards,
>
> Richard Duivenvoorde
>
>
> On 11/25/22 21:10, Johannes Kröger (WhereGroup) wrote:
>
> Hey you lovely people,
> >
> > this might have been a temporary configuration mistake or anything but
> in the current climate one has to assume a compromise/attack:
> >
> > Some minutes ago I was visiting qgis.org in my browser and the website
> was in cyrillic. I noticed the URL was https://qgis.org/ru/site/
> >
> > My requests came from a German IP and my browser locale should be set to
> something English so this was surprising and had never happened before. I
> am fairly sure that my system was not compromised.
> >
> > I checked with curl -I and I was being redirected to that language. A
> few moments later I checked again and it was back to /en/
> >
> > Here are my curl responses with the Cloudflare stuff if it helps
> pinpointing the moment or processes involved:
> https://pastebin.com/raw/36HwcxKW
> >
> > Not sure if this is the right mailing list but I didn't want to spread
> FUD on -user and no one was on IRC so this seemed like the best choice.
> Please forward it to people who can check the server(s) if they aren't
> reading here. Thanks!
> >
> > Cheers, Hannes
> >
> > _______________________________________________
> > Qgis-psc mailing list
> > Qgis-psc at lists.osgeo.org
> > https://lists.osgeo.org/mailman/listinfo/qgis-psc
>
> _______________________________________________
> Qgis-psc mailing list
> Qgis-psc at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/qgis-psc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20221126/67a49b45/attachment.htm>
More information about the Qgis-psc
mailing list