jotform.com (whitelist) #751
Conversation
This issue will whitelist `.jotform.com` Closes Phishing-Database/Phishing.Database#1091 Signed-off-by: spirillen <[email protected]>
|
falsos posivos |
|
@alphanet31 please report false positives here one by one https://github.com/Phishing-Database/Phishing.Database/issues |
|
The website is still uses 200 code for everything. Proof
|
Thanks a lot for your followup, I just noticed, come to think... is this in reality yet another problem by using Cloudflare as server manager and network controllers of a domain? Why on earth should anyone, by their free will, wants to reply a http 404 with http 200?? that don't make any seance to me.
|
|
@spirillen I've tested my small website, which uses Cloudflare as reverse proxy - everything is ok. Of course, my static website, hosted on Cloudflare pages, has other codes - but I guess I can fix it too. Details
|
Oh, why did you have to ruin my fondness for you? 😭 😭 😭 😭 😭 Was that intentional?
You do realise that CrimeFlare and
are heading in completely different directions, don’t you? |
|
Man, privacy != security :) There are some websites, that can be hosted at Cloudflare - let it be. Also can't access your links @spirillen : Details
|
Of course not, I do not support spyware... Try a Fox ESR and you will pass with flying color... map $http_user_agent $blocked_agent {
default 0;
# Browsers Allowed
~*Chrome 1; # Google Chrome
~*Deno 0;
~*Mastodon 0;
~*MisskeyMediaProxy 0; # Misskey Media Proxy
~*Mozilla 0;
~*Takahe 0;
~*TorBrowser 0; # Tor Browser
...
# Block command-line tools
~*curl 0; # cURL
~*wget 0; # Wget
~*lynx 0; # Lynx
} |
Pull Request: Whitelisting of
.jotform.comThis pull request aims to whitelist the domain
.jotform.comas part of our ongoing efforts to enhance the integrity of our phishing database.Related Issue: Phishing.Database Issue #1091
Current Status: This PR is currently on hold as I am engaging with the administrators of
jotform.comto encourage adherence to the relevant RFC standards concerning HTTP server responses.Technical Context
In accordance with RFC 7231, which outlines the semantics and content of HTTP/1.1, it is crucial for web servers to return appropriate HTTP status codes that accurately reflect the outcome of the request. For instance, the use of standard response codes such as
200 OK,404 Not Found, and500 Internal Server Erroris essential for proper client-server communication and for ensuring that automated systems can effectively interpret server responses.The current HTTP response behavior of
jotform.comdoes not fully comply with these standards, which may lead to misinterpretations by clients and could potentially compromise the security measures we are implementing.I am advocating for the following actions from the
jotform.comteam:Review and Update HTTP Response Codes: Ensure that all server responses align with the expected codes as defined in RFC 7231 and other relevant RFCs, such as RFC 2616 for HTTP/1.1.
Implement Consistent Error Handling: Establish a consistent approach to error handling that provides clear and actionable feedback to clients, thereby improving the overall user experience and security posture.
By adhering to these standards,
jotform.comcan enhance its interoperability with various clients and services, ultimately contributing to a more secure and reliable web environment.I will keep this PR on hold until we can achieve a satisfactory resolution with the
jotform.comteam regarding their HTTP response compliance. Thank you for your understanding and support in this matter.ATT: @cigdemtosun