Comments (4)
Hi,
MLS accepts gzipped requests, see https://github.com/mozilla/ichnaea/blob/efe73300296436f1b6a8d10db9739ffc3711ba94/ichnaea/api/views.py#L106
Ideally we want to compress the data submissions, because the amount of data can be quite large. I guess there could be an option to disable compression, but maybe you can configure your server to accept gzipped requests?
from neostumbler.
This content-encoding header is valid, the framework I'm using for my server automatically decompresses the data for me because of this header.
from neostumbler.
It is not a problem to transmit the data in a compressed way; and indeed the header content-encoding will be useful on the server side for decoding.
So I modified the modsecurity detection rules to bypass the blocking.
For info, the extracts from the error log:
Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_content-encoding. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1128"] [id "920450"] [msg "HTTP header is restricted by policy (/content-encoding/)"]
Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname
from neostumbler.
Closing this because the problem should be fixed on server side
from neostumbler.
Related Issues (20)
- Allow for translation using Weblate HOT 6
- Custom map layers HOT 2
- Keeping user location focused on the map view HOT 2
- Adding a submission progress bar HOT 5
- Simplify persistent notification HOT 3
- Store MCC and MNC as strings HOT 2
- Minor statistics tab UI/UX issues HOT 3
- Collect cell tower ARFCN
- Meterial You accent colors
- Troubleshooting UI HOT 1
- Application crashes on launch due to BeaconService declaration in manifest HOT 4
- Collect data from tunnels
- Empty WiFi scans HOT 6
- Privacy mode - Don't send out accurate timestamps HOT 1
- Add altitude to exported data
- Missing numbers of contributed, sent and not sent reports in Android App Ver. 1.2.3 HOT 3
- Sort reports
- Show a warning when an unencrypted endpoint is used
- Does not collect WiFi AP when connected to WiFi HOT 1
- Allow changing how often data is recorded HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from neostumbler.