From 86edee5e56b8fdf2da8387a59f126229a243fda4 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Sat, 14 Feb 2026 12:09:09 +0100 Subject: [PATCH] docs: Document SDLC content restoration and Streamlit WAF bypass - Fixed sdlc.gk2.secubox.in showing GK2 Hub template instead of original "Les Seigneurs de La Chambre" cinematic presentation - Restored content via git checkout from preserved history - Documented Streamlit WebSocket incompatibility with MITM proxy - All 20 Streamlit apps require waf_bypass for WebSocket functionality Co-Authored-By: Claude Opus 4.5 --- .claude/HISTORY.md | 36 ++++++++++++++++++++++++++++++++++++ .claude/WIP.md | 13 +++++++++++++ 2 files changed, 49 insertions(+) diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md index 91875193..e8729c76 100644 --- a/.claude/HISTORY.md +++ b/.claude/HISTORY.md 
@@ -1643,3 +1643,39 @@ Client → HAProxy → mitmproxy (WAF) → Backend (Streamlit/MetaBlog) Client → HAProxy → Backend (Infrastructure - bypass WAF) Client → HAProxy → Backend (Path ACLs - bypass WAF) ``` + +## 2026-02-14: Streamlit WebSocket WAF Bypass + +### Issue +Streamlit apps stopped displaying correctly after enabling WAF. + +### Root Cause +Streamlit uses WebSockets (`_stcore/stream`) for real-time communication. mitmproxy MITM interception breaks WebSocket connections due to: +- Certificate validation issues (self-signed MITM cert) +- Connection upgrade handling incompatibility +- Stream state corruption + +### Fix +Re-enabled `waf_bypass=1` for all 20 Streamlit apps. Trade-off: Streamlit apps bypass WAF filtering in favor of functionality. + +### Affected Apps +basic, bazi, bweek, bweep, console, control, cpf, evolution, fabric, fabricator, ftvm, hermes, papyrus, pdf, photocloud, pix, play, wuyun, yijing360, yling + +## 2026-02-14: MetaBlogizer SDLC Content Restoration + +### Issue +`sdlc.gk2.secubox.in` displayed GK2 Hub landing page template instead of original content. + +### Root Cause +GK2 Hub generator script had overwritten the local `index.html` with auto-generated service catalog page. Original content ("Les Seigneurs de La Chambre - Présentation Cinématique") was preserved in git history. + +### Fix +```bash +cd /srv/metablogizer/sites/sdlc +git checkout HEAD -- index.html +``` + +### Verification +- Site now displays medieval/renaissance cinematic presentation +- Title: "Les Seigneurs de La Chambre - Présentation Cinématique" +- Description: "seigneurs de la Chambre" (from UCI config) diff --git a/.claude/WIP.md b/.claude/WIP.md index 54bbb51e..132f6d5b 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md 
@@ -64,6 +64,19 @@ _Last updated: 2026-02-14 (WAF architecture configured)_ ### Just Completed (2026-02-14) +- **MetaBlogizer SDLC Content Restoration** — DONE (2026-02-14) + - sdlc.gk2.secubox.in was showing GK2 Hub template instead of original content + - GK2 Hub generator had overwritten local index.html + - Original "Les Seigneurs de La Chambre - Présentation Cinématique" preserved in git + - Restored via `git checkout HEAD -- index.html` + - Site now correctly displaying cinematic presentation content + +- **Streamlit WebSocket WAF Bypass** — DONE (2026-02-14) + - Streamlit apps use WebSockets which are incompatible with MITM proxy + - Re-added `waf_bypass=1` to all 20 Streamlit apps + - Apps now route directly through HAProxy without mitmproxy filtering + - Trade-off: Streamlit apps bypass WAF for WebSocket compatibility + - **WAF Architecture Configuration** — DONE (2026-02-14) - WAF (mitmproxy) enabled for Streamlit apps and MetaBlogizer sites - WAF bypass for infrastructure: Jellyfin, Mail, Glances, GoToSocial, Webmail
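Review bot: In the HISTORY.md hunk, the "Streamlit WebSocket WAF Bypass" Fix takes all 20 apps out of WAF filtering, while the Root Cause lists three possible failure modes without recording which one was actually observed. Only the `_stcore/stream` WebSocket endpoint is named as the problem, and the context at the top of the hunk already shows a "Path ACLs - bypass WAF" route, so the entry should state whether a bypass limited to that path was tried and why it was not enough. It should also say where `waf_bypass=1` is set, so the exception can be audited and reverted later. In the SDLC entry, `git checkout HEAD -- index.html` restores the file, but nothing documents how the GK2 Hub generator is kept from overwriting it again on its next run.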
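Review bot: In the WIP.md hunk, the new bullet "Apps now route directly through HAProxy without mitmproxy filtering" contradicts the unchanged context line right after the addition, "WAF (mitmproxy) enabled for Streamlit apps and MetaBlogizer sites". Update the "WAF Architecture Configuration" entry so it no longer lists the Streamlit apps as covered, and add them to its bypass list next to the infrastructure services, so the file gives one consistent picture of which backends are unfiltered. The "_Last updated_" line in the hunk header still reads "WAF architecture configured" and could be refreshed in the same change.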