Looks like we have a general bot issue?

https://issues.joomla.org/tracker/joomla-cms/11694

Misses the last comments from
joomla/joomla-cms#11694 (comment)

I'm getting really tired of ModSec...

? How did it work before?

Odds are the old server didn't have ModSec on it.

Ok. Hmm but there should be a way to consume github hooks in a secure way do we have a way to contact github?

It's not GitHub, it's Rochen.

I mean ask github to get a secure configuration of mod security they have maybe some expirience in that? Or Rochen ask github howto configure it secure?

Can we do something like
https://developer.github.com/webhooks/securing/

Supposedly Rochen whitelisted GitHub stuff based on the data I gave them. Apparently that's not happening.

The problem is our issues commonly have SQL scripts, JavaScript snippets, and HTML inlined into them. Which triggers the rules long before our application runs.

And that page is only good for application level security measures. It does nothing to address the web server stripping stuff.

Hmm thanks for checking

Hmm loks like that the cron synced it.. So we need to add our logic to the crons too? Like pending and labels?

So #692 needs to be synced, tested, and merged is what you're saying.

And the cron works fine because it initiates a request to GitHub's API and pulls the data as a response whereas the webhooks send the request to our server. ModSecurity only filters incoming HTTP traffic, unless someone REALLY screwed up a configuration it shouldn't filter data from a curl request inside a PHP app.

BTW anyone with admin rights on whatever repo is having issues can check the webhook configurations on GitHub as it shows the log of all of the transactions and success/fail status. You end up with something like the below meaning our server is once again misconfigured.

i don't have admin rights on github repos. But also resending that would fail, correct?

Correct.

Per Rochen:

Apache was rebuilt on the following the whitelisting I did previously; I've reapplied the changes now