Opened 10 years ago
Closed 10 years ago
#670 closed defect (invalid)
%0a. routing bypass
| Reported by: | Adam Surak | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-core | Version: | 1.6.x |
| Keywords: | Cc: | ||
| uname -a: | Linux c5-eu-3.algolia.io 3.10.23-xxxx-std-ipv6-64 #1 SMP Tue Mar 18 14:48:24 CET 2014 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.6.2
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1) TLS SNI support enabled configure arguments: --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --add-module=../../algolia --add-module=../headers-more-nginx-module-0.22 --with-ipv6 |
||
Description
Hello,
I have noticed in my logs a following issue:
.pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi.cgi/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24802 open() "/home/prod/prod/config/html/webcgi/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /webcgi/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24803 open() "/home/prod/prod/config/html/cgi-914/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-914/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24804 open() "/home/prod/prod/config/html/cgi-915/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-915/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24805 open() "/home/prod/prod/config/html/bin/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /bin/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24806 open() "/home/prod/prod/config/html/cgi/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24807 open() "/home/prod/prod/config/html/mpcgi/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /mpcgi/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24808 open() "/home/prod/prod/config/html/cgi-bin/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-bin/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24809 open() "/home/prod/prod/config/html/ows-bin/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /ows-bin/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24810 open() "/home/prod/prod/config/html/cgi-sys/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-sys/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24811 open() "/home/prod/prod/config/html/cgi-local/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-local/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24812 open() "/home/prod/prod/config/html/htbin/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /htbin/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24813 open() "/home/prod/prod/config/html/cgibin/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgibin/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24814 open() "/home/prod/prod/config/html/cgis/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgis/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24815 open() "/home/prod/prod/config/html/scripts/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /scripts/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24816 open() "/home/prod/prod/config/html/cgi-win/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-win/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24817 open() "/home/prod/prod/config/html/fcgi-bin/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /fcgi-bin/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24818 open() "/home/prod/prod/config/html/cgi-exe/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-exe/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24819 open() "/home/prod/prod/config/html/cgi-home/scripts/* .pl" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: "GET /cgi-home/scripts/*%0a.pl HTTP/1.0", host: "***" 2014/11/22 20:33:38 [error] 8963#0: *24820 open() "/home/prod/prod/config/html/cgi-perl/scripts/*
My nginx.conf allows:
/1/ /_ / - redirect to /1/404
The sequence that triggers this problem is "%0a." in the url. After that nginx starts to look for files on the filesystem.
Change History (4)
comment:1 by , 10 years ago
follow-up: 3 comment:2 by , 10 years ago
Could you please show some minimal config to reproduce the problem?
comment:3 by , 10 years ago
Replying to Maxim Dounin:
Could you please show some minimal config to reproduce the problem?
http {
client_body_temp_path "../run/body" 1 2;
include ./mime.types;
access_log off;
error_log ../run/error.log;
sendfile on;
tcp_nopush on;
server_tokens off;
keepalive_timeout 180;
client_header_timeout 180;
client_body_timeout 180;
reset_timedout_connection on;
send_timeout 10;
tcp_nodelay on;
server {
listen 80 backlog=32768;
server_name apieu1.algolia.com;
client_max_body_size 1024M;
gzip on;
gzip_disable "msie6";
gzip_min_length 100;
gzip_types *;
gzip_proxied any;
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, DELETE, POST, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: x-algolia-application-id, connection, origin, x-algolia-api-key, content-type, content-length, x-algolia-signature, x-algolia-usertoken, x-algolia-tagfilters, DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Authorization, Accept';
more_set_headers 'Access-Control-Allow-Credentials: false';
location /1/ {
# omitted
}
location = /_ {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
break;
}
location / {
rewrite ^.*$ /1/404 permanent;
}
}
}
comment:4 by , 10 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
The problem is in this line:
rewrite ^.*$ /1/404 permanent;
It doesn't match unencoded URI as the ^.*$ doesn't match the string with an embedded newline. If you really want to return a redirect for all requests, use a regular expression which matches everything:
rewrite ^ /1/404 permanent;
Or, better yet, use the return directive:
return 301 /1/404;
Note:
See TracTickets
for help on using tickets.
Look at ticket #191