Accidentally discovered that ...
On Habré can not log in if ...
... by any means cut http header Referer.
It happened to access the Internet through Squid, which in the config, as it turned out, had the following
header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access user-agent deny all
header_access link deny all
header_access Via deny all
')
The brute force method revealed that it is the “header_access Referer deny all” that prevents the login, during which “Referer: habrahabr.ru/login ” should be transmitted for normal input (in principle, it is clear why).
In this case, everything looks as if the wrong username and / or password are entered. Namely, under the corresponding input fields, the inscriptions in red appear about the need to correctly enter these data.
The rest of the headline obstruction does not affect the performance of the resource (at least at first glance).
Trifle, but with a swoop it was impossible to understand what was the matter.
By the way:
www.torproject.org/torbutton/torbutton-options.html.en
...
Don't send referrer during Tor Usage
This option disables the referrer header. This can break some sites, however. Digg in particular A more streamlined, less intrusive version of this option should be available. In the meantime, RefControl can provide this functionality via a default option of Forge.
... by any means cut http header Referer.
It happened to access the Internet through Squid, which in the config, as it turned out, had the following
header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access user-agent deny all
header_access link deny all
header_access Via deny all
')
The brute force method revealed that it is the “header_access Referer deny all” that prevents the login, during which “Referer: habrahabr.ru/login ” should be transmitted for normal input (in principle, it is clear why).
In this case, everything looks as if the wrong username and / or password are entered. Namely, under the corresponding input fields, the inscriptions in red appear about the need to correctly enter these data.
The rest of the headline obstruction does not affect the performance of the resource (at least at first glance).
Trifle, but with a swoop it was impossible to understand what was the matter.
By the way:
www.torproject.org/torbutton/torbutton-options.html.en
...
Don't send referrer during Tor Usage
This option disables the referrer header. This can break some sites, however. Digg in particular A more streamlined, less intrusive version of this option should be available. In the meantime, RefControl can provide this functionality via a default option of Forge.
Source: https://habr.com/ru/post/148485/
All Articles