Discourse instance behind F5 firewall is producing "the requested URL was rejected."

peci1 · February 22, 2021, 5:57am

community.subtchallenge.com is a 3rd-party install of Discourse I want to use as a user. I’ve spent hours debugging why I can’t post on their forum. I tried different browsers, computers, operating systems, IP addresses, continents… The result of clicking the “Create Post” button was either of the following (regardless of any of the options mentioned previously):

The post was correctly queued for moderation and I got a notification saying how many of my posts are waiting in the queue (this happened only with short test messages).
The post was not put in the queue (verified with the forum maintainers via email) and I was redirected to a nonexistent page. When I examined the network communication there was a POST request to /posts, which had this result:
```
 The requested URL was rejected. Please consult with your administrator.
 Your support ID is: 18286718686107272025
```
The post got visually hidden, there was only a blue “bar” displayed at the bottom of the page, with a progress circle infinitely spinning without any other action. I tried waiting several minutes. It did not stop spinning. Network log was saying the POST /posts request was sent, but no reply was received. After this started happening, I usually had even bigger problems, i.e. I could not re-login (the login page would load, but the login form would not get sent). It seemed like a silent ban of my IP address or something (changing IP address usually helped).

I figured out that I can avoid 2. (and possibly also 3.) if I watch out for the content of my post. I got error 2. in 100% of cases when my post contained an apostrophe, a quote, or a newline. I also got it when the post was longer than 1000 characters.

Does this behavior ring a bell for someone? Is there something I could advise to the maintaner of the forum?

Thank you for ideas.

codinghorror · February 21, 2021, 2:23am

Did you try in discourse safe mode? Did you try in your web browser’s safe mode?

peci1 · February 21, 2021, 8:31pm

Thanks for the hint to Discourse safe mode. I haven’t known about it. Unfortunately, it is somehow broken on this forum - after entering community.subtchallenge.com/safe-mode as an unlogged user, I get just the login page. If I enter the URL as a logged in user, I get a “Oops, this page was not found” page. Maybe they have some custom .htacces which breaks the functionality?

I haven’t tried in browser safe mode, but as I tried several browsers from freshly installed machines (VMs, VPS), I don’t think browser safe mode would do anything about that. I tried Firefox, Chromium, w3m (okay, no game here), Palemoon and Opera.

Hector · February 21, 2021, 11:52pm

Could be a badly configured application firewall.

peci1 · February 22, 2021, 3:37am

Thanks for the pointer, this might really be it. However, they have already “passed the problem to the IT department” and the IT people told they could not find any problem on their side. Which leaves us with an unverifiable claim I’ll ask them to look in the firewall configuration specifically.

Thinking about the issue from the perspective of firewall misconfiguration makes a lot of sense. It might just try to do some kind of “AI” analysis, which obviously fails for my non-test posts.

codinghorror · February 22, 2021, 5:59am

It does seem like this is the problem:

Your http is being blocked by a firewall from F5 Networks called Application Security Manager (ASM). It produces messages like:

Please consult with your administrator.
Your support ID is: xxxxxxxxxxxx

So your application is passing some data that for some reason ASM detects as a threat. Give the support id to you network engineer to learn the specific reason.

Per F5 documentation this indicates their firewall blocked the request:

This message indicates that ASM blocked the Request. Can you search for the support ID in your log messages (/var/log/asm) - the matching log message will provide more details.