HIGH_RISK_COUNTRY_CODES ignored for HTTP/2 requests in CRS 3.3.0 - apache2

I am using mod_security with CRS 3.3.0 on top of Apache 2.4. During a recent L7 DDoS attack, I recognized that certain attacks using HTTP/1.* were correctly blocked with HTTP 403 based on geolookup and having the country code listed in tx.high_risk_country_codes of the CRS config. However, a request from the identical IP was not blocked when using HTTP/2 as the protocol. Any idea of a configuration setting specific for REQUEST-910-IP-REPUTATION.conf only enabled for protocols HTTP/1.* in the default rule set? For the time being, I restricted allowed protocols to HTTP 1.1 for the affected site to make mod_security work.
Some examples from access log:
<HOST>:443 XXX.XXX.XXX.XXX - - [03/Aug/2022:00:37:49 +0200] "GET /?s HTTP/1.1" 403 5636 "https://<HOST>/?s" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
<HOST>:443 XXX.XXX.XXX.XXX - - [03/Aug/2022:00:43:12 +0200] "GET /?s HTTP/2.0" 301 392 "https:///?s" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
Thanks in advance!
SCHAPPY

CRS dev-on-duty here. There is no configuration setting specific for REQUEST-910-IP-REPUTATION.conf that is only enabled for protocols HTTP/1.*.
I have no idea why the rule 910100 does not work for HTTP/2.
But do you have the possibility to enable debug logs (better not in production) with SecDebugLog and SecDebugLogLevel? Maybe you'll get more insights this way?
If you can't see and solve the problem with the modsec_debug.log, you can open an issue in the Core Rule Set GitHub project. We're happy to help!
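One way to look for the symptom reported above across a whole access log, as an added example that is not part of the original posts or of CRS: the script flags clients that received the blocking status over HTTP/1.x but a different status over HTTP/2. The log layout is assumed to match the excerpts in the question, the hosts and addresses in the sample are constructed, and a 403 is assumed to come from the country-code rule rather than another rule.

```python
import re
from collections import defaultdict

# Layout assumed from the excerpts in the question:
# vhost:port client - user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) '
)

def protocol_gaps(lines, block_status=403):
    """Map each client blocked on HTTP/1.x to the non-block statuses
    it received over HTTP/2. Clients treated consistently are omitted."""
    seen = defaultdict(lambda: {"h1_blocked": False, "h2_passed": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not follow the assumed layout
        status = int(m["status"])
        entry = seen[m["client"]]
        if m["proto"].startswith("HTTP/1.") and status == block_status:
            entry["h1_blocked"] = True
        elif m["proto"].startswith("HTTP/2") and status != block_status:
            entry["h2_passed"].add(status)
    return {
        client: sorted(e["h2_passed"])
        for client, e in seen.items()
        if e["h1_blocked"] and e["h2_passed"]
    }

# Constructed sample lines (documentation address ranges, example host).
_UA = '"-" "Mozilla/5.0"'
_T = "[03/Aug/2022:00:37:49 +0200]"
SAMPLE_LOG = [
    f'www.example.com:443 203.0.113.7 - - {_T} "GET /?s HTTP/1.1" 403 5636 {_UA}',
    f'www.example.com:443 203.0.113.7 - - {_T} "GET /?s HTTP/2.0" 301 392 {_UA}',
    # Blocked on both protocols: enforcement is consistent, not reported.
    f'www.example.com:443 198.51.100.9 - - {_T} "GET / HTTP/1.1" 403 5636 {_UA}',
    f'www.example.com:443 198.51.100.9 - - {_T} "GET / HTTP/2.0" 403 5636 {_UA}',
    # Never blocked on HTTP/1.x: nothing to compare against, not reported.
    f'www.example.com:443 192.0.2.44 - - {_T} "GET / HTTP/2.0" 200 1024 {_UA}',
    "truncated or malformed line",
]

if __name__ == "__main__":
    for client, statuses in protocol_gaps(SAMPLE_LOG).items():
        print(f"{client}: blocked on HTTP/1.x, HTTP/2 returned {statuses}")
```

Any client it reports is a candidate for the debug-log comparison suggested in the answer, using one HTTP/1.1 and one HTTP/2 request from that address.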

Related

Instana integration with create-react-app to download sourcemap for error reporting

The source map for CRA is enabled by default. I have given Instana the permission to download source map from my application in production, but the errors reported are still compressed and uglified. I guess the configuration has no effect.
Referring to this doc.
When I do a curl for the source map from the terminal, it works.
My site is on HTTPS, but the doc says it makes an HTTP request.
Is that the root cause? How to fix it?
# Curl
curl 'https://{my url}/static/js/{sourcemap name}.map' \
  -H 'cache-control: no-cache' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'
Instana will use the same protocol to make the sourcemap request. The documentation example uses http, but it will work with https the same way.
The most likely reason for your problem is that the sourcemap is not readable from the public internet. In your case, the sourcemap file requires http session authentication and redirects to a login page.

Error 404 on uploading blob to production server on google app engine

I'm building a system where the users will upload articles to my app and I need to store them. I've read the tutorial about blobhandlers on Google's documentation and it worked, but only locally.
When I test the app on development server, everything is fine, but on production server, I get Error 404 and the following logs:
2014-02-17 08:59:28.490 /http://ciro-app-id.appspot.com/_ah/upload/AMmfu6ah2vpKNsIDSzlpYPqAgnQ_zznnUwDweG571CgMMnGlluXc1GJS0i42UYYOKVZNQMBhzyY3grQFeCgD4hf4usx_YeMwy4n_93qM-QFegsMIFHDkNovRcJ9Rnl9li91bo4bdClfV/ALBNUaYAAAAAUwJCQ_kw2ANG1Tnvs9OIU6cAyOUDscqL/ 404 19ms 0kb Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36 module=default version=1
186.226.15.242 - - [17/Feb/2014:08:59:28 -0800] "POST /http://ciro-app-id.appspot.com/_ah/upload/AMmfu6ah2vpKNsIDSzlpYPqAgnQ_zznnUwDweG571CgMMnGlluXc1GJS0i42UYYOKVZNQMBhzyY3grQFeCgD4hf4usx_YeMwy4n_93qM-QFegsMIFHDkNovRcJ9Rnl9li91bo4bdClfV/ALBNUaYAAAAAUwJCQ_kw2ANG1Tnvs9OIU6cAyOUDscqL/ HTTP/1.1" 404 188 "http://ciro-app-id.appspot.com/enviar" "Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" "ciro-app-id.appspot.com" ms=20 cpu_ms=0 cpm_usd=0.000021 app_engine_release=1.9.0 instance=00c61b117c6c9b0c25f5b86e2eadac83e2908691
Here is my code: https://drive.google.com/file/d/0B1-lpPH97tV2dzN6aURYVENCMzQ/edit?usp=sharing
Here is my app: ciro-app-id.appspot.com
Try it yourself
Login credentials:
Email: ciromoraismedeiros#gmail.com
Password: 123
Access ciro-app-id.appspot.com/enviar fill the form and submit it.
Obs.: I'm Brazilian, so everything is in Portuguese.
Notice the leading "/" in your request log? In /templates/enviar_artigo.html, change
<form action='/{{upload_url}}' ...>
to
<form action='{{upload_url}}' ...>

Failed to load module from user agent at localhost

When I tried to run GWT quick start tutorial I got this error message!
How can I fix this issue?
P.S.
I already installed GWT Developer plugin for Firefox 1.23
I installed Eclipse from the Ubuntu 13.04 repository (version 3.8.1)
I already installed GWT from the Ubuntu 13.04 repository (version 2.4.0)
00:27:29.230 [ERROR] [hellostupid] Failed to load module 'hellostupid' from user agent 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0' at localhost:40544
java.lang.NullPointerException: null
at com.google.gwt.dev.javac.JsniChecker.getSuppressedWarnings(JsniChecker.java:565)
at com.google.gwt.dev.javac.JsniChecker$JsniDeclChecker.visit(JsniChecker.java:135)
at org.eclipse.jdt.internal.compiler.ast.TypeDeclaration.traverse(TypeDeclaration.java:1233)
at org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration.traverse(CompilationUnitDeclaration.java:679)
at com.google.gwt.dev.javac.JsniChecker.check(JsniChecker.java:615)
at com.google.gwt.dev.javac.JsniChecker.check(JsniChecker.java:559)
at com.google.gwt.dev.javac.CompilationStateBuilder$CompileMoreLater$UnitProcessorImpl.process(CompilationStateBuilder.java:83)
at com.google.gwt.dev.javac.JdtCompiler$CompilerImpl.process(JdtCompiler.java:251)
at org.eclipse.jdt.internal.compiler.Compiler.compile(Compiler.java:464)
at com.google.gwt.dev.javac.JdtCompiler.doCompile(JdtCompiler.java:710)
at com.google.gwt.dev.javac.CompilationStateBuilder$CompileMoreLater.compile(CompilationStateBuilder.java:235)
at com.google.gwt.dev.javac.CompilationStateBuilder.doBuildFrom(CompilationStateBuilder.java:447)
at com.google.gwt.dev.javac.CompilationStateBuilder.buildFrom(CompilationStateBuilder.java:370)
at com.google.gwt.dev.cfg.ModuleDef.getCompilationState(ModuleDef.java:360)
at com.google.gwt.dev.DevModeBase$UiBrowserWidgetHostImpl.createModuleSpaceHost(DevModeBase.java:110)
at com.google.gwt.dev.shell.OophmSessionHandler.loadModule(OophmSessionHandler.java:197)
at com.google.gwt.dev.shell.BrowserChannelServer.processConnection(BrowserChannelServer.java:525)
at com.google.gwt.dev.shell.BrowserChannelServer.run(BrowserChannelServer.java:363)
at java.lang.Thread.run(Thread.java:724)
I was facing the same issue. You can try this if you are getting this problem:
1.[ERROR] [mysecondproj] - Unable to initialize static dispatcher
2.[ERROR] [mysecondproj] - Failed to load module 'mysecondproj' from user agent 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1712.2 Safari/537.36' at 127.0.0.1:63405
http://stackoverflow.com/questions/29411048/gwt-starting-sample-project

Glassware Starter Project(Java) works fine on localhost, but not in app engine

I have built it from Eclipse and ran it on the development server, and it works. When I deploy it on App Engine from Eclipse, I get the following error. Any idea why?
The very first time, it got as far as the OAuth2 dance but did not succeed. I fixed the redirect URL in the API console, and then localhost worked. I deployed again to App Engine, but it did not work; I got this error:
Error: 500 Server Error
The server encountered an error and could not complete your request.
If the problem persists, please report your problem and mention this error message and the query that caused it.
Error log in App engine console:
2013-06-07 01:59:36.619 /oauth2callback?code={removed now} 500 2416ms 0kb Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36
68.5.238.205 - - [07/Jun/2013:01:59:36 -0700] "GET /oauth2callback?code={removed now} HTTP/1.1" 500 0 - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" "{my appid }.appspot.com" ms=2416 cpu_ms=1581 cpm_usd=0.000087 app_engine_release=1.8.0 instance=00c61b117c2c977fac245e8480eff747e75eb6
I 2013-06-07 01:59:34.228
com.google.glassware.AuthFilter doFilter: Skipping auth check during auth flow
I 2013-06-07 01:59:34.230
com.google.glassware.AuthServlet doGet: Got a code. Attempting to exchange for access token.
I 2013-06-07 01:59:35.427
com.google.glassware.AuthServlet doGet: Code exchange worked. User 115370471277937689999 logged in.
W 2013-06-07 01:59:36.614
Error for /oauth2callback
java.lang.NoClassDefFoundError: com/google/common/collect/Lists
at com.google.glassware.NewUserBootstrapper.bootstrapNewUser(NewUserBootstrapper.java:54)
at com.google.glassware.AuthServlet.doGet(AuthServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
This looks like a bug in App Engine and the Google OAuth endpoints. It's being tracked in the Glass issue tracker. You can star that issue to receive updates as the investigation proceeds.
In the meantime, check out the .NET and PHP quick starts. They're working great.

Google App Engine 500 Error, but why?

I am getting the following error in App Engine after I deployed it. Does anybody know the reason? It's causing an error page sometimes. It seems simplejson is the cause...
According to http://code.google.com/status/appengine/ everything should be working accordingly.
09-20 11:03AM 56.027 / 500 55902ms 240cpu_ms 0kb Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; nl-nl) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5,gzip(gfe)
- - [20/Sep/2010:11:04:51 -0700] "GET / HTTP/1.1" 500 0 - "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; nl-nl) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5,gzip(gfe)" "" ms=55903 cpu_ms=240 api_cpu_ms=0 cpm_usd=0.006723 loading_request=1 pending_ms=1266
E 09-20 11:04AM 51.915
<class 'google.appengine.runtime.DeadlineExceededError'>:
Traceback (most recent call last):
File "/base/data/home/apps//7.344918194765199957/main.py", line 11, in <module>
from logic import home, program, image, searchhandler, twitter, sitemap, feed
File "/base/data/home/apps/7.344918194765199957/logic/home.py", line 14, in <module>
from django.utils import simplejson
File "/base/python_runtime/python_lib/versions/third_party/django-0.96/django/utils/simplejson/__init__.py", line 95, in <module>
from django.utils.simplejson.decoder import JSONDecoder
File "/base/python_runtime/python_lib/versions/third_party/django-0.96/django/utils/simplejson/decoder.py", line 6, in <module>
from django.utils.simplejson.scanner import Scanner, pattern
File "/base/python_runtime/python_lib/versions/third_party/django-0.96/django/utils/simplejson/scanner.py", line 3, in <module>
"""
I 09-20 11:04AM 51.924
This request caused a new process to be started for your application, and thus caused your application code to be loaded for the first time. This request may thus take longer and use more CPU than a typical request for your application.
This is the error that the page will show:
Error: Server Error
The server encountered an error and could not complete your request.
If the problem persists, please report your problem and mention this error message and the query that caused it.
It seems this is not the only error causing the 500 error. Because most of the time this seems to be the cause:
09-20 11:37AM 18.229 /ohohcherso.html 500 11007ms 0cpu_ms 0kb Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.62 Safari/534.3,gzip(gfe),gzip(gfe)
94.209.194.233 - sammiestoel [20/Sep/2010:11:37:29 -0700] "GET /ohohcherso.html HTTP/1.1" 500 0 "http://www.tweetstream.nl/index.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.62 Safari/534.3,gzip(gfe),gzip(gfe)" "www.tweetstream.nl" ms=11008 cpu_ms=0 api_cpu_ms=0 cpm_usd=0.000148
W 09-20 11:37AM 29.237
Request was aborted after waiting too long to attempt to service your request. This may happen sporadically when the App Engine serving cluster is under unexpectedly high or uneven load. If you see this message frequently, please contact the App Engine team.
Here's your problem:
<class 'google.appengine.runtime.DeadlineExceededError'>
Your page is too slow, it should load within 30 seconds. Otherwise the App Engine will kill it.
http://code.google.com/appengine/docs/python/runtime.html#The_Request_Timer
It seems the real problem was that there was a """ in the file as some comments, which created the 500 error. The app is working smoothly now. I'm happy I found it at last.
So if you get this error first check if you made comments in a bad way!
