Stripping password from $request_body POST nginx logs - nginx

I am trying to strip password from my nginx/openresty POST data logs.
Post data logs looks like this
"POST /myapi/login/ HTTP/1.1" 200 37 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/75.0.3770.100 Safari/537.36" 0.000
req_body:"----password\x22\x0D\x0A\x0D\x0Atestuser\x0D\x0A------9\x0D\x0AContent-Disposition: form-data;
resp_body:"{success: \x22login succesful\x22}\x0A" upstream_response_time=- msec=1562036599.391 upstream_connect_time=- request_time=0.000 status=200
Here I want to replace "testuser" with "XXXXX" so that the user password is not visible to anyone

Related

kibana find http errors in single field

I am trying to run a search in kibana and capture specific http response codes (503).
As you can see, the below example has both a 302 and a 503 code.
XXX.XXX.XXX.XXX - - [08/Apr/2022:13:19:49 +0000] "GET /oauth/authorize/?client_id=XXX&code_challenge_method=S256&response_mode=query HTTP/2.0" 302 0 "https://XXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36" 503 0.038 [XXXXXXXXXXXXX-service-http] [] 192.168.XXX.XXX:8080 0 0.040 302 XXXXXXXXXXXXX
I would like to run a search only for results matching a 503 as the first occurence.
Can I do that from a search query in the lucene query text field in kibana?
or do I need to go through the hassle of creating an index pattern etc... just to match that 503 error?
Thank you

Nginx redirect except some extensions

I wrote a script that configures a captive portal and everything is working fine. The problem I'm having is because nginx is redirecting all the requests to http://hotspot.localnet/index.php is also redirecting all requests for images. So none of the images in index.php work.
Is there a way to exclude png,pdf files from being redirected to index.php and be displayed? Tried many regex examples found on the internet but having no luck.
The source code of the nginx config file is here: https://github.com/tretos53/Captive-Portal/blob/master/default_nginx
This is access.log with the above configuration:
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /index.php HTTP/1.1" 200 582 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/1.jpg HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/2.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/3.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/4.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/5.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/6.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"

Add this to your config:
location ~ \.(?:pdf|png)$ {
try_files $uri =404;
}

WooCommerce-WorldPay checkout taking forever to complete

I've been having trouble getting the Online Worldpay plugin (from https://wordpress.paymentplugins.com/product-category/worldpay/) to work with WooCommerce and after multiple trial and error, although it seems to be working now, it's taking forever to complete a transaction.
The first issue was this in the server log:
upstream timed out (110: Connection timed out) while reading response header from upstream
After searching on SO and a few trial and error, adding the following nginx directives seem to have fixed it:
proxy_connect_timeout 159s;
proxy_send_timeout 600;
proxy_read_timeout 600;
However it's still not fixed the problem. It's taking up to 5 minutes between clicking checkout and showing the confirmation page.
Here's my server log:
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:51:40 +0100] "POST /staging/wp-
admin/admin-ajax.php HTTP/1.0" 200 1140 "https://website.com/staging/wp- admin/edit.php?post_type=shop_order" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:49:02 +0100] "POST /staging/?wc- ajax=checkout HTTP/1.0" 200 1522 "https://website.com/staging/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:17 +0100] "GET /staging/checkout/order-received/1001?key=wc_order_5b867a1e36616 HTTP/1.0" 301 4616 "https://website.com/staging/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:17 +0100] "GET /staging/checkout/order-received/1001/?key=wc_order_5b867a1e36616 HTTP/1.0" 200 77776 "https://website.com/staging/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:18 +0100] "GET /staging/wp-content/uploads/2018/08/fromUpload/37124872560_f78336501a_k-3-1024x485.jpg HTTP/1.0" 200 491 "-" "-"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:18 +0100] "GET /staging/wp-content/themes/website/functions/includes/im_cart_order.php?path=https://website.com/staging/wp-content/uploads/2018/08/fromUpload/37124872560_f78336501a_k-3-1024x485.jpg&crop_left=26.329113924050635&crop_top=0&crop_width=47.34177215189874&crop_height=100&rotate=0&filter=0&mirror=0&flip=0 HTTP/1.0" 200 59870 "https://website.com/staging/checkout/order-received/1001/?key=wc_order_5b867a1e36616" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
Appreciate any insight :)
Thanks!

Wordpress error 500 before installation

I try to install wordpress in subfolder on my WWW server. I downloaded clear wordpress from direct page (wordpress.org) and upload this content to folder on my server. When files has been uploaded and i try to go to install page browser returns "The xxx server can not handle this request now."
I have tested all the solutions on the Internet with a .htaccess file, allocating 64M memory, but none of them works.I also tried to change the PHP version to a newer / older version and upload files to the main directory on the server. Where is problem?
#EDIT - server logs
userip - - [27/Apr/2018:16:30:29 +0200] "GET /wordpress HTTP/1.1" 301 246 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:30:29 +0200] "GET /wordpress/ HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:30:29 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:30:37 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:30:37 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:30:38 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:32:14 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:32:19 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:36:50 +0200] "GET / HTTP/1.1" 200 769 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:36:51 +0200] "GET /favicon.ico HTTP/1.1" 404 - "xxx" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:36:56 +0200] "GET / HTTP/1.1" 200 769 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:37:25 +0200] "GET / HTTP/1.1" 200 745 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:37:26 +0200] "GET / HTTP/1.1" 200 745 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:37:28 +0200] "GET /test/ HTTP/1.1" 200 212 "xxx" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:37:38 +0200] "GET /test/ HTTP/1.1" 200 256 "xxx" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:37:39 +0200] "GET /test/ HTTP/1.1" 200 256 "xxx" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:37:40 +0200] "GET /test/ HTTP/1.1" 200 256 "xxx" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:37:40 +0200] "GET /test/wp-admin/ HTTP/1.1" 200 1075 "xxxtest/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:43:10 +0200] "GET /test/ HTTP/1.1" 200 354 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:49:16 +0200] "GET /test/ HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:49:16 +0200] "GET /test/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:50:27 +0200] "GET /test/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:16:50:28 +0200] "GET /test/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:04:23 +0200] "GET /wordpress HTTP/1.1" 301 246 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:04:23 +0200] "GET /wordpress/ HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:04:23 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:07:23 +0200] "GET / HTTP/1.1" 200 755 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:09 +0200] "GET /wp HTTP/1.1" 301 239 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:09 +0200] "GET /wp/ HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:09 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:40 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:42 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:42 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:42 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:43 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:21:44 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:23:10 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:23:11 +0200] "GET /favicon.ico HTTP/1.1" 404 - "xxxwp/wp-admin/setup-config.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:23:48 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:27:51 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:27:52 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:28:18 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:29:28 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:34:26 +0200] "GET /wp/wp-admin/setup-config.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:34:26 +0200] "GET /favicon.ico HTTP/1.1" 404 - "xxxwp/wp-admin/setup-config.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:42:23 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
userip - - [27/Apr/2018:17:42:24 +0200] "GET /wp-admin/setup-config.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
#EDIT #2 - error log
[Fri Apr 27 18:15:54 2018] [error] [client 155.133.70.149] SoftException in Application.cpp:256: File "/home/xxx/public_html/wp/wp-admin/setup-config.php" is writeable by group
[Fri Apr 27 18:15:48 2018] [error] [client 155.133.70.149] SoftException in Application.cpp:256: File "/home/xxx/public_html/wp/wp-admin/setup-config.php" is writeable by group
[Fri Apr 27 17:23:10 2018] [alert] [client 155.133.70.149] /home/xxx/public_html/wp/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration

how to make proxied wordpress page not to change typed url

I am using apache rewriterule to redirect url when client SSL certificate is not used. When I am redirecting to static page using [P] proxy flag, everything work as expected. But if I change redirection to page in wordpress, typed url disapeared and there is wordpress page permalink. I want to leave unchanged typed url in address bar, just to be able to use reload after connecting to VPN or using correct certificate.
RewriteRules as used in virtual host conf.
# SSL User Authentication
SSLVerifyClient optional
SSLVerifyDepth 3
# redirect all url when not in VPN or LOCAL NET
#RedirectMatch ^/(.*) http://terminus.terminus.cz
# to be able to debug rewrite in apache2 error log
LogLevel alert rewrite:trace6
# Error handling = unsuccessfull SSL user authetication
RewriteEngine on
Options +FollowSymLinks
Options +SymLinksIfOwnerMatch
# No authentification certificate
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteCond %{HTTP_HOST} ^trading\.terminus\.cz$ [NC]
# RewriteCond {HTTP_REFERER} value is blank
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^ http://terminus.terminus.cz/no_ssl_client_certificate.htm [L,NE,P,E=ssl_authentication_error_detected:1]
# RewriteRule show typed domain name, proxying to other domain, same query
#RewriteRule ^ http://terminus.terminus.cz%{REQUEST_URI} [L,NE,P,E=ssl_authentication_error_detected:1]
# RewriteCond {HTTP_REFERER} value is not blank
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteCond %{HTTP_HOST} ^trading\.terminus\.cz$ [NC]
# RewriteRule show typed domain name, proxying to other domain, same query
RewriteRule ^ http://terminus.terminus.cz%{REQUEST_URI} [L,NE,P,E=ssl_authentication_error_detected:1]
When I change proxied url to
RewriteRule ^ http://terminus-dev.terminus.cz/index.php/no_ssl_certificate [L,NE,P,E=ssl_authentication_error_detected:1]
It starts to changing typed URL in address bar to wordpress permalink, so [P] flag does not work expected way.
And from wordpress virtual host access log
37.48.19.237 - - [19/Jul/2016:09:28:42 +0200] "GET /index.php/no-ssl-certificate/ HTTP/1.1" 200 17126 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/theme-my-login/theme-my-login.css?ver=6.4.5 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/wp-filebase/wp-filebase.css?t=1467256824&ver=3.4.4 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/llorix-one-companion//css/style.css?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/wordpress-social-login/assets/css/style.css?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/themes/llorix-one-lite/css/font-awesome.min.css?ver=4.4.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/themes/llorix-one-lite/css/bootstrap.min.css?ver=3.3.1 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/style.css?ver=1.0.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/js/bootstrap.min.js?ver=3.3.5 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/fonts/fontawesome-webfont.woff?v=4.5.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/js/custom.all.js?ver=2.0.2 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/js/skip-link-focus-fix.js?ver=1.0.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-includes/js/wp-embed.min.js?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"

The redirect_canonical filter is responsible for url rewriting. So there is possibility to selectively disable this depending on the requested page.
Solved by placing following code to theme function.php
function ssl_certicate_pages_disable_canonical_redirect( $query ) {
if( 'no_ssl_certificate' == $query->query_vars['pagename'] )
remove_filter( 'template_redirect', 'redirect_canonical' );
if( 'wrong_ssl_certificate' == $query->query_vars['pagename'] )
remove_filter( 'template_redirect', 'redirect_canonical' );
}
add_action( 'parse_query', 'ssl_certicate_pages_disable_canonical_redirect' );

Resources