gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Document SDLC content restoration and Streamlit WAF bypass

Browse Source 
- Fixed sdlc.gk2.secubox.in showing GK2 Hub template instead of original
  "Les Seigneurs de La Chambre" cinematic presentation
- Restored content via git checkout from preserved history
- Documented Streamlit WebSocket incompatibility with MITM proxy
- All 20 Streamlit apps require waf_bypass for WebSocket functionality

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-14 12:09:09 +01:00
parent ba2f459151
commit 86edee5e56
2 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.claude/HISTORY.md
View File

@ -1643,3 +1643,39 @@ Client → HAProxy → mitmproxy (WAF) → Backend (Streamlit/MetaBlog)
Client → HAProxy → Backend (Infrastructure - bypass WAF)
Client → HAProxy → Backend (Path ACLs - bypass WAF)
```
## 2026-02-14: Streamlit WebSocket WAF Bypass
### Issue
Streamlit apps stopped displaying correctly after enabling WAF.
### Root Cause
Streamlit uses WebSockets (`_stcore/stream`) for real-time communication. mitmproxy MITM interception breaks WebSocket connections due to:
- Certificate validation issues (self-signed MITM cert)
- Connection upgrade handling incompatibility
- Stream state corruption
### Fix
Re-enabled `waf_bypass=1` for all 20 Streamlit apps. Trade-off: Streamlit apps bypass WAF filtering in favor of functionality.
### Affected Apps
basic, bazi, bweek, bweep, console, control, cpf, evolution, fabric, fabricator, ftvm, hermes, papyrus, pdf, photocloud, pix, play, wuyun, yijing360, yling
## 2026-02-14: MetaBlogizer SDLC Content Restoration
### Issue
`sdlc.gk2.secubox.in` displayed GK2 Hub landing page template instead of original content.
### Root Cause
GK2 Hub generator script had overwritten the local `index.html` with auto-generated service catalog page. Original content ("Les Seigneurs de La Chambre - Présentation Cinématique") was preserved in git history.
### Fix
```bash
cd /srv/metablogizer/sites/sdlc
git checkout HEAD -- index.html
```
### Verification
- Site now displays medieval/renaissance cinematic presentation
- Title: "Les Seigneurs de La Chambre - Présentation Cinématique"
- Description: "seigneurs de la Chambre" (from UCI config)

13
.claude/WIP.md
View File

@ -64,6 +64,19 @@ _Last updated: 2026-02-14 (WAF architecture configured)_
### Just Completed (2026-02-14)
- **MetaBlogizer SDLC Content Restoration** — DONE (2026-02-14)
- sdlc.gk2.secubox.in was showing GK2 Hub template instead of original content
- GK2 Hub generator had overwritten local index.html
- Original "Les Seigneurs de La Chambre - Présentation Cinématique" preserved in git
- Restored via `git checkout HEAD -- index.html`
- Site now correctly displaying cinematic presentation content
- **Streamlit WebSocket WAF Bypass** — DONE (2026-02-14)
- Streamlit apps use WebSockets which are incompatible with MITM proxy
- Re-added `waf_bypass=1` to all 20 Streamlit apps
- Apps now route directly through HAProxy without mitmproxy filtering
- Trade-off: Streamlit apps bypass WAF for WebSocket compatibility
- **WAF Architecture Configuration** — DONE (2026-02-14)
- WAF (mitmproxy) enabled for Streamlit apps and MetaBlogizer sites
- WAF bypass for infrastructure: Jellyfin, Mail, Glances, GoToSocial, Webmail