Prevent block from being used in main editor, use only as inner block

I am currently using the allowed_block_type filter to control the available blocks in my theme, similar to the following example:

function acf_allowed_blocks($  allowed_blocks, $  post) {     // Register core blocks     $  core_blocks = array(         'core/buttons',         'core/heading',         'core/image',         'core/list',         'core/paragraph',     );      // Register custom blocks     $  custom_blocks = array(         'acf/test-block',     );      // Register plugin specific blocks     $  plugin_blocks = array(         'gravityforms/form',     );      // Specify block groupings available on specific post types     switch ($  post->post_type) {     case 'post_type_example':         $  allowed_blocks = array_merge($  core_blocks);         break;     default:         $  allowed_blocks = array_merge($  core_blocks, $  custom_blocks, $  plugin_blocks);     }      return $  allowed_blocks; } add_filter('allowed_block_types', 'acf_allowed_blocks', 10, 2); 

While this works perfectly, I am trying to determine whether or not it’s possible to remove the gravityforms/form block, but allow it inside the acf/test-block. Currently, if I remove the block from this function, it’s also becomes unavailable as an inner block in my ACF block markup, which looks like this:

$  allowed_blocks = array( 'gravityforms/form' ); echo '<InnerBlocks allowedBlocks="' . esc_attr(wp_json_encode($  allowed_blocks)) . '" />'; 

Does anyone have any idea on whether or not this is even possible with the current state of Gutenberg? I can just as easily live with it being available as both a main and an inner block, but it would be my preference to only use it as an inner block.

Block HTTPS/TLS (Wo)Man in the Middle Attack

I found out that the landlord of my building is able to access all my internet URLs even though they are HTTPS. Ex they are able to see this entire URL: https://www.google.com/search?q=stackoverflow including path and query params.

I verified by clicking on the lock icon of my browser that the certificate issuer is "Google Trust Services". They are able to see all URLs, not just google.

Therefore, I am not able to understand how are they able to access all my internet traffic (I am certain they are able to access it). I am not sure if they can see the request/response body & content as well. We are using AT&T internet (not sure if they have a Netgear Nighthawk router connected in the middle). I cannot access the router interface (192.168.0.1) because the attacker (the landlord) is able to see all my URLs.

Is there a way to thwart their attack by using some browser plugin or a similar solution? I found out that Chrome has HTTPS Everywhere Plugin but that might not help because my browser is already showing that the connection is HTTPS. Ideally I would like to find a way to also detect (and prove) that they are looking at my web browsing history, ex: I can create a website and use javascript to log visitor information (but it will be hard to pinpoint that they are the attacker), in case I decide to show it to our local authorities.

I use Firefox and Chrome for browsing the internet.

UFW does not block meterpreter

I am doing some pen testing on my wordpress server. I wanted to see what would happen if the attacker were to get a hold of my username and password for wordpress.

So I used the standard exploit in msfconsole wp_admin_shell_upload and set password and username.

What I do not understand is why my UFW does not block the established connection. ( My rules are set to block everything apart from port: 21,80 & 22)

But I can see a connection established on port 48846. Why is this not blocked and why am I able to send commands to remote machine via meterpreter and receive data?

Screenshots below:

Client: Client

Attacker: Attacker

Tetris block rigidbodies pass through one another with Transform.Translate [duplicate]

I am trying to build a Tetris 3D game in Unity but i am stuck at getting the different blocks to interact (to detect each other, to sit one on top of the other rather than going through each other). I have set the ground with a box collider and the spwaned blocks come in with rigidbodies.

This works for them to nicely settle on the ground but when I try to sit a block on top of another block they both have rigidbodies and the collision detection doesn’t work and they end up overlapping. The problem is if I remove the rigidbody of the already settled block then it will go through the ground.

Any idea how to get 2 spawned objects to detect each other?

using System.Collections; using System.Collections.Generic; using UnityEngine; using UnityEngine.UIElements;  public class moveBlock : MonoBehaviour {         public static float speed = 2;     public GameObject[] blocks;     public static List<GameObject> blocksSpawned = new List<GameObject>();     public static List<Rigidbody> blocksRBSpawned = new List<Rigidbody>();     public static bool triggerPlatform = true;     Rigidbody rb;      void Update()     {         Vector3 input = new Vector3(Input.GetAxisRaw("Horizontal"), 0, Input.GetAxisRaw("Vertical"));         Vector3 direction = input.normalized;         Vector3 velocity = direction * speed;         Vector3 moveAmount = velocity * Time.deltaTime;          if (triggerPlatform)         {             blocksSpawned.Add((GameObject)Instantiate(blocks[Random.Range(0, 7)], new Vector3(0, 6, 0), Quaternion.Euler(Vector3.right)));             rb = blocksSpawned[blocksSpawned.Count - 1].GetComponent<Rigidbody>();             blocksRBSpawned.Add(rb);             triggerPlatform = false;         }         /*if (!triggerPlatform)         {             Destroy(blocksRBSpawned[blocksRBSpawned.Count - 1]);         }*/         if (blocksSpawned[blocksSpawned.Count - 1] != null)         {             blocksSpawned[blocksSpawned.Count - 1].transform.Translate(Vector3.down * Time.deltaTime*speed, Space.World);             blocksSpawned[blocksSpawned.Count - 1].transform.Translate(moveAmount);         }     } }  using System.Collections; using System.Collections.Generic; using UnityEngine;  public class trigger : MonoBehaviour {         private void OnTriggerEnter(Collider other)     {         moveBlock.triggerPlatform = true;     } } 

enter image description here

Is it possible to intentionally cause Google and AWS to block my IP address?

It may sound a little weird. I am validating one of my possible research ideas where I want to see if I can intentionally and effectively make websites such as Google and AWS to block my IP. By "block", I mean it won’t let me directly access the service, but not necessarily blacklist my IP. For example, the website will ask me to solve a ReCaptcha before I can access its service, instead of telling me service is unavailable.

I know if I send a large number of requests in a short time (i.e., using DoS) it is very likely that I can make it work, but I wonder if there is any other "efficient" way to make it happen. From what I have found here: https://support.google.com/websearch/thread/2596872?hl=en, it mentioned Google may block the following:

  • Sending searches from a robot, computer program, automated service, or search scraper
  • Using software that sends searches to Google to see how a website or webpage ranks on Google
  • Using an app, program or script to perform a large number of searches in a short time

Is it possible that I mimic such a request and cause myself to be blocked in just one or a few requests?

WAF Block issues

We have a web app hosted in AWS. I want users to only reach specifics URIs not but not the home page of the app. For instance, if the app is reachable at https://mypublicapp.com, I only want the users to access https://mypublicapp.com/submit/d131dd02c5e6eec4/. The "d131dd02c5e6eec4" example hash value is different for different resources. When I take a look at how the app works using the DEV tools of the browser, the "Requested URL" is https://mypublicapp.com/submit**?key=**d131dd02c5e6eec4/ so the hash is sent as a query string in the headers under the value "key". At this point I could simply use the AWS waf to inspect the request header and reject everything that has no key as a query string. But the problem is that the web app, which I do not have control over, also does a request to the "/", so If I restrict the home page, I also restrict the access to the submit resource mentioned above. Any ideas on how to do the home block without blocking the resource?

Appreciate. Farid

Would an Antimagic Field block telepathic communication with a familiar?

Ichabod the Inscrutable has an imp familiar and is exploring a dungeon. He comes across a series of trapped rooms that have Antimagic Fields in them, and he wants to send his familiar to explore them.The Antimagic Fields completely fill each room, but do not extend beyond their walls.

Ichabod is currently standing outside of the first room.

Would an Antimagic Field block telepathic communication with a familiar?