Open sl-service-account opened 4 years ago
Spidey Linden commented at 2019-10-29T21:19:33Z
Thank you for the info! We're looking into this now and I should have an update for you soon.
Soft Linden commented at 2019-10-30T17:03:19Z
It's completely fine to make use of this API, and the user agent shouldn't affect this API anymore. Is this working for you now?
Chaser Zaks commented at 2019-10-31T18:17:07Z, updated at 2019-10-31T18:21:18Z
That endpoint does appear to be working again, thank you! :D
BUT also these endpoints seem to be being a bit upset still:
Spidey Linden commented at 2019-11-01T23:49:38Z
Okay, thanks for letting us know! I'll pass that along to the team.
What just happened?
What were you doing when it happened?
Trying to check grid stats during downtime.
What were you expecting to happen instead?
200 OK
status code.Other information
I am unsure if this is intentional, or if automated security tools have blocked it. Seeing as how it is blocking all pages to the secondlife.com domain, I am thinking this is unrelated to the API but to thwart spam abuse. However, it has disrupted various services that rely on urllib, such as:
https://agni.softhyena.com/stats/ (I have been able to since resolve this)
These charts are highly critical to some people as it helps people figure out if the grid is having issues or it is just one person, those who wish to study the economy data, and people who provide in-world support to third party viewers. It also allows for some tools to automatically detect grid issues before it is published to the incident blotter.
If this is intentional, a explanation on why this block was put into place, and how we(third party developers) can better utilize the API without causing issue would be greatly helpful. From my understanding, this data is cached and shouldn't cause any negative impact considering there are many scripts in SL that already make request it, so I do not understand why it would be blocked unless there was major misuse from someone resulting in it being blacklisted.
I have updated my script's user-agent to be
Stats Logger (SysOp: Chaser.Zaks)
as to mark it as a individual script instead of a anonymous script so that I may be contacted in the event it does cause issue. If this is intentional to block the API, please do let me know and I will cease such activities ASAP. If this was unintentional and the source needs to be tracked down, it appears to have taken effect on2019-10-24 18:39:01.881846 UTC
.Original Jira Fields
| Field | Value | | ------------- | ------------- | | Issue | BUG-227807 | | Summary | All of Second Life's webpages are returning 403 Forbidden when a user-agent contains "Python-urllib" | | Type | Bug | | Priority | Unset | | Status | Accepted | | Resolution | Accepted | | Reporter | Chaser Zaks (chaser.zaks) | | Created at | 2019-10-29T01:51:15Z | | Updated at | 2019-11-01T23:49:37Z | ``` { 'Build Id': 'unset', 'Business Unit': ['Platform'], 'Date of First Response': '2019-10-29T16:19:32.961-0500', "Is there anything you'd like to add?": "I am unsure if this is intentional, or if automated security tools have blocked it. Seeing as how it is blocking all pages to the secondlife.com domain, I am thinking this is unrelated to the API but to thwart spam abuse. However, it has disrupted various services that rely on urllib, such as:\r\n* https://etitsup.com/slstats/\r\n* https://agni.softhyena.com/stats/ (I have been able to since resolve this)\r\n\r\nThese charts are highly critical to some people as it helps people figure out if the grid is having issues or it is just one person, those who wish to study the economy data, and people who provide in-world support to third party viewers. It also allows for some tools to automatically detect grid issues before it is published to the incident blotter.\r\n\r\nIf this is intentional, a explanation on why this block was put into place, and how we(third party developers) can better utilize the API without causing issue would be greatly helpful.\r\nFrom my understanding, this data is cached and shouldn't cause any negative impact considering there are many scripts in SL that already make request it, so I do not understand why it would be blocked unless there was major misuse from someone resulting in it being blacklisted.\r\n\r\nI have updated my script's user-agent to be {{Stats Logger (SysOp: Chaser.Zaks)}} as to mark it as a individual script instead of a anonymous script so that I may be contacted in the event it does cause issue.\r\nIf this is intentional with the intent to block the API, please do let me know and I will cease such activities ASAP.", 'Original Reporter': 'Chaser Zaks (chaser.zaks)', 'ReOpened Count': 0.0, 'Severity': 'Unset', 'System': 'Website', 'Target Viewer Version': 'viewer-development', 'What just happened?': '{code}\r\nfelix@Proteles:/var/log$ curl https://secondlife.com/httprequest/homepage.php --user-agent "Python-urllib"\r\n\r\nAccess Denied
\r\n \r\nYou don\'t have permission to access "http://secondlife.com/httprequest/homepage.php" on this server.\r\nReference #18.9e8eedcc.1572312505.24f24964\r\n\r\n\r\n{code}', 'What were you doing when it happened?': 'Trying to check grid stats during downtime.', 'What were you expecting to happen instead?': '{{200 OK}} status code.', 'Where': 'https://secondlife.com/httprequest/homepage.php', } ```