This release contains a change to the default Nginx whitelist that makes SendCloud exempt from the standard bot ratelimit. The FPM slot limit still applies. Users can further configure their ratelimiting settings in the Nginx config in /data/web/nginx.
Also in this release:
- more tweaks to the WAF for yesterday’s RCE mitigation
The Cart2Quote development team released an update to their plugin which fixes the exploit, that can be found here. If you have updated your Ophirah_Qquoteadv plugin and want to disable the firewall rules you can edit /data/web/nginx/server.qquoteadv.conf and comment out the rules by adding a # in front of each line.
- Increased stability of the
FPMGONE-slayer
The hypernode-fpm-monitor GONE requests slayer will now still operate even when there is no space left in the /data partition.