Test: Whitelist / Exceptions?


Explanation and Rationale


This is a diagnostic tool to help you discover what text in your post is eliciting the dreaded “Forbidden” screen. Paste the text of the post that causes the “Forbidden” screen to appear when you “Submit” or “Preview” it into the form below, and then press the button labeled “Submit to Handler CGI”. Note that it cannot help you find what the exact text is; it simply takes phpBB3, PHP, and MySQL out of the equation. If you still get the “Forbidden” screen, it means that the problem is in your text and not the various pieces of software just listed.

Important point: the “Forbidden” screen is coming from a modification to the Apache webserver. There is nothing we can do to change the behavior of the Apache webserver. The behavior can be changed, but only by a change to the global configuration file for Apache, which only the site5 staff can make. As of 1 May, site5 support have said they will “Whitelist” but I have not seen any change in behavior. Since site5 also reacted extremely suspiciously to our need to be whitelisted, I appreciate any example of posts that elicit the “Forbidden” page; the more I have, the more proof I have that we need this for non-spamming/non-malicious reasons.

Once you've determined that some text in your post is causing the problem, a fast way to determine what the offending phrase is is to use a variant of binary search. Remove half your text and try to post that. If it works, the problem phrase is in the second half; if it doesn't work, it's in the half you posted. Now that you know which half contains the offending phrase, cut that in half, and see which half works and which doesn't. This method works very quickly: if you start with 10K (10 * 1024) of text, after seven halvings, you'll have only eighty characters—and that's assuming that the problem phrase doesn't jump out at you as you cut the text before this.
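The halving procedure above, automated as an added example (not code from this site or from TestCaseScan.cgi). `is_blocked` is a hypothetical callable standing for "submit this chunk and report whether the “Forbidden” page came back"; the filter and trigger phrase below are constructed stand-ins, and the code assumes a single trigger phrase. It also covers the case the manual method misses: a phrase that straddles the cut, so that both halves post cleanly.

```python
def find_trigger(text, is_blocked):
    """Return (shortest blocked substring, submissions used); (None, 1) if text passes."""
    tries = 0

    def probe(chunk):
        nonlocal tries
        tries += 1
        return is_blocked(chunk)

    if not probe(text):
        return None, tries
    lo, hi = 0, len(text)
    # Phase 1: the halving described above, but test both halves explicitly.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(text[lo:mid]):
            hi = mid
        elif probe(text[mid:hi]):
            lo = mid
        else:
            break  # both halves pass: the phrase straddles the cut
    # Phase 2: binary-search each edge of the phrase inside text[lo:hi].
    a, b = lo, hi - 1
    while a < b:  # latest start position that is still blocked
        m = (a + b + 1) // 2
        if probe(text[m:hi]):
            a = m
        else:
            b = m - 1
    lo = a
    a, b = lo + 1, hi
    while a < b:  # earliest end position that is still blocked
        m = (a + b) // 2
        if probe(text[lo:m]):
            b = m
        else:
            a = m + 1
    return text[lo:a], tries

# Constructed sample data: a placeholder phrase and a local stand-in for the filter.
TRIGGER = "zzz placeholder phrase zzz"  # constructed; not a real filter rule

def stand_in_filter(post):
    return TRIGGER in post

def make_post(offset):
    filler = "lorem ipsum dolor sit amet " * 380  # roughly 10K of harmless text
    return filler[:offset] + TRIGGER + filler[offset:]

if __name__ == "__main__":
    print(find_trigger(make_post(5130), stand_in_filter))  # phrase sits across the midpoint
```

The isolated phrase is the piece of evidence to send to the hosting company when asking for a whitelist entry.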

Text to Submit


The default text in the form will post and not provoke the “Forbidden” screen. The CGI that handles the POST text is TestCaseScan.cgi and its source code is in TestCaseScan.l.

You may use one of the samples below, or follow the suggestions to elicit a “Forbidden” response. Suggestions follow the samples.

Sample Text 1

Suspected paedophiles have been arrested after being caught on camera in a sting operation by a group of vigilante parents.

Six concerned parents, members of a group calling themselves 'Letzgo Hunting', posed online as underage girls in an attempt to snare paedophiles looking to seduce children.

From The Independent, 22 April 2013, “Suspected Paedophiles Arrested After Vigilante Parents Pose as Underage Girls Online”

In both cases, the expected result is that the “Forbidden” page will appear.

Sample Text 2

JAKE: (Not in response to her, voice thin and desperate) One of my earliest memories is of my old man coming back from Korea, wearing a uniform...one of the first stories I could remember him telling me was about this one battle he was in...the Chosin Reservoir...one of the worst battles in history...he was never there...(takes a few papers from the pile around him)...he was...(chokes on the words)...at the rear, procuring underage girls for the brass with Corporal Ellenbogen...(recovers)...it's how they knew each other...

In both cases, the expected result is again that the “Forbidden” page will appear.

Sample Text 3

http://www.youtube.com/watch?v=kP1u79wSdDY
http://www.youtube.com/watch?v=sPf2wrThylk
http://www.youtube.com/watch?v=vexjWIvwsVg
http://www.youtube.com/watch?v=HLs3aLq8quw

In the first case, the expected result is the “Forbidden” page, but in the second case, the CGI will run.

Suggestions for Writing Text to Elicit the Forbidden Page

Easy and coarse ways to elicit the “Forbidden” page are to use references to or phrases found in pornography, put numerous URLs within <a href...>...</a> tags in the text, or refer to commonly spammed products, e.g., medications for 'ED' (Viagra, Cialis, Rogaine), or common generic drugs. For example:

A Word To Our Hosting Company

It should go without saying that simply mentioning these things does not mean we endorse or sell them, but it doesn't. So then to be clear: we do not sell or provide links to sites that sell any of the products or services mentioned above. In fact, we barely countenance discussing them. The reason text containing such questionable items appears here is that much of the content of this site—which is not available to guests, who do not have posting privileges—is fan fiction for numerous television shows. A drama or police procedural would be pretty dull if it weren't for violence, drugs, and sex (not that all or even most of the fan fiction is based on such shows, but enough of it is). Thus exhortations to be vigilant over our own content are superfluous.

$Id: TestCase00.html,v 1.4 2013/05/07 01:52:37 thepaper Exp $

$Log: TestCase00.html,v $
Revision 1.4  2013/05/07 01:52:37  thepaper
Change 'revision' info from a bunch of <p></p> to a single <div>...</div>. Let's hope it looks OK

Revision 1.3  2013/05/06 21:41:06  thepaper
Small change to force page into browser

Revision 1.2  2013/05/06 03:14:30  thepaper
Changed expected results for last sample data

Revision 1.1  2013/05/06 01:57:23  thepaper
First public version