Lanik wrote: ↑Wed Mar 29, 2017 12:18 am
wgordon wrote: ↑Tue Mar 28, 2017 2:12 pm
Perchance could we get an author's opinion of both of these options?
One of the authors has already voiced their opinion here:
https://forums.lanik.us/viewtopic.php?f=64&t=35937 I don't imagine that's going to change since these issues are so similar.
Which in unfortunate. Essentially the blocking filters are being too broad in their approach and they are having collateral damage. And for whatever reason, the people maintaining these lists don't seem to be able to make sure that their filters are working as expected.
I think the proper fix here is to figure out what is causing those filters to exist in the first place, and to tighten the restriction so that it only blocks what it is mean to block.
I wouldn't even be surprised if what originally caused these filters to be applied in the first place hasn't already been updated to get around the filter.
Lanik wrote: ↑Wed Mar 29, 2017 12:18 am
mwringe wrote: ↑Tue Mar 28, 2017 6:57 pm
I fail to see the argument here, if they can change the URL path, then they can easily just rename it as something like "metric/metrics" or "m/metrics" or "m/m"
The idea is to run their scripts under a white list so they'll change their site/scripts etc to take advantage of an allowed metric/metrics filter.
mwringe wrote: ↑Tue Mar 28, 2017 6:57 pm
I don't understand how some "bad" site somewhere at sometime used "/metrics/metrics" in their tracking, so now we are trying to block anyone on the internet from ever having that in their URL path. This makes no sense to me.
Maybe I'm not explaining it correctly or whatever, but if you need examples of such abuse see this:
https://forums.lanik.us/viewtopic.php?f=62&t=34172
I think you are making a case for why whitelisting things is bad (which I don't necessarily disagree with, although what you linked to sounds more like a bug than anything else)
There may have been some confusion over how I wrote things. When I said 'exclusion' for "/hawkular/metrics/metrics" I didn't mean to just whitelist anything that matches that. I meant to update the filter so that "/hawkuar/metrics/metrics" wouldn't necessarily trigger the overly broad "/metrics/metrics" check.
The better option would be to fix the "/metrics/metrics" exclusion so that its not so broad, but it doesn't look like that will be possible.
I still stand by my argument:
mwringe wrote: ↑Tue Mar 28, 2017 6:57 pm
I don't understand how some "bad" site somewhere at sometime used "/metrics/metrics" in their tracking, so now we are trying to block anyone on the internet from ever having that in their URL path. This makes no sense to me.