Making WordPress.org

Changes between Version 2 and Version 3 of Ticket #7792, comment 9


Timestamp: 01/06/2025 09:39:43 PM (9 months ago)
Author: maltfield

  • Ticket #7792, comment 9

    v2 v3  
    2222A simple GET request of a well-cached documentation page or other static asset (eg js or css file) is not a threat and should not be blocked.
    2323
    24 Additionally, any request coming from an authenticated user can be tied to that user's account -- even if they use a security-hardend operating system like TAILS to protect themselves -- is clearly identifiable. Requests coming from sessions with a logged-in user account (in good-standing) should not be subject to such IP-based blocks (that are currently rife with false-positives).
     24Additionally, any request coming from an authenticated user can be tied to that user's account -- even if they use a security-hardend operating system like TAILS to protect themselves. Requests coming from sessions with a logged-in user account (in good-standing) should not be subject to such IP-based blocks (that are currently rife with false-positives).
    2525
    2626Please bring the relevant person who made this decision into this ticket. Let's examine the actual threats and see how the current misconfiguration can be fixed while still addressing your legitimate risks.