Closed Bug 769831 Opened 13 years ago Closed 13 years ago

bmo anti-DDoS protection errantly blocking legitimate browsers

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: fryn, Assigned: ashish)


Details

So we're working on this next-generation browser with the user agent string "Mozilla/6.0" and when I try visiting any page on https://bugzilla.mozilla.org/ , I get redirected to http://hardhat.mozilla.net/ , which redirects to http://hardhat.mozilla.net/en-US/outages.html . Please make Bugzilla compatible with the future. Feel free to move this bug to another Product or Component as needed.
Assignee: nobody → server-ops-webops
Component: General → Server Operations: Web Operations
Product: bugzilla.mozilla.org → mozilla.org
QA Contact: general → cshields
Summary: Bugzilla does not support next-generation browser → bmo anti-DDoS protection errantly blocking legitimate browsers
Version: Production → other
IT had placed blocks to prevent (previously) illegitimate UAs from abusing bugzilla.m.o (tracked in Security Bug 717176). Since then, there has been no need to have the blocks in place and I've now removed them. Please verify if this is now fixed. Thanks!
Assignee: server-ops-webops → ashish
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
There really isn't a Mozilla/6.0 UA, so if the checking for illegitimate UAs was providing any benefit whatsoever (or there is some feeling that it will in the future) then we might want to back this change out.
(In reply to Ashish Vijayaram [:ashish] from comment #1)
> IT had placed blocks to prevent (previously) illegitimate UAs from abusing
> bugzilla.m.o (tracked in Security Bug 717176). Since then, there has been no
> need to have the blocks in place and I've now removed them. Please verify if
> this is now fixed. Thanks!

(In reply to Jared Wein [:jaws] from comment #2)
> There really isn't a Mozilla/6.0 UA, so if the checking for illegitimate UAs
> was providing any benefit whatsoever (or there is some feeling that it will
> in the future) then we might want to back this change out.

Like Jared wrote, we were not actually working on a browser with the UA string of Mozilla/6.0. I had simply been testing how sites respond to different UAs. We simply wanted to understand why Mozilla/6.0 and the like were being blocked. We were not aware that it had to do with DDoS protection, as other sites were not blocking those UAs. I agree with Jared, if we're still facing DDoS attacks and do not have a more precise defense.
There are no DDoS attacks now and as I mentioned in #c1, I have removed the blocks. Bugzilla is now, "compatible with the future" :)
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard