Weird problem: If the URL contains the word "star", the result is a 404. It does only happen with this word.
Working:
http://example.com/some/another/url
Not working:
http://example.com/some/url/with/star
The virtual host config is not the problem as it appears on all server blocks, even in the default one.
The error does not appear in the access.log!
Anyone else with nginx 1.9.14 can reproduce this strange problem?
The reason was a copy & pasted line that should cache static files:
~*.(ogg|ogv|svg|tar…)
Since "star" is ending with tar (like the .tar archive) the rule fired because there is a missing backslash. It must be
location ~*\.(ogg|ogv|svg|svg|tar)
Thanks to nginx mailing group!
Related
We're got a pre-existing rsyslog config file which is working for papertrail e.g.
/etc/rsyslog.d/20-papertrail.conf which has
*.* #logs4.papertrailapp.com:44407
However we've got a couple of NGINX websites on the server so would like to have it also monitor their error logs.
The paths to them are:
/var/log/nginx/www.website-one.com-error.log
/var/log/nginx/www.website-two.com-error.log
/var/log/nginx/www.website-three.com-error.log
However this /var/log/nginx also contains a bunch of .log files which we do not want to monitor e.g.
/var/log/nginx/error.log
/var/log/nginx/access.log
/var/log/nginx/error.log1
/var/log/nginx/nginx.log
In my head we need to add something like...
/var/log/nginx/*-error.log
And make sure they pipe to the papertrail url as well.
However I'm struggling to decipher the rsyslog documentation to figure out how to do this.
Thanks!
In rsyslog documentation it seems that you can use wildcards in files.
File
The file being monitored. So far, this must be an absolute name (no macros or templates). Note that wildcards are supported at the file name level (see WildCards below for more details).
WildCards
Before Version: 8.25.0
Wildcards are only supported in the filename part, not in directory names.
/var/log/*.log works.
/var/log/*/syslog.log does not work.
Since Version: 8.25.0
Wildcards are supported in filename and paths which means these samples will work:
/var/log/*.log works.
/var/log/*/syslog.log works.
/var/log/*/*.log works.
All matching files in all matching subfolders will work. Note that this may decrease performance in imfile depending on how many directories and files are being watched dynamically.
If you want to forward your vhosts logs you can change configuration directly in NGINX vhosts configuration, you should change/add access_log and error_log policies as explained here or use custom facilities to forward your logs (using rsyslog).
HOW TO DO IT USING RSYSLOG?
Create a new custom file in /etc/rsyslog.d/nginx_custom.conf:
module(load="imfile" PollingInterval="1") #needs to be done just once
# File 1
input(type="imfile"
File="/var/log/nginx/www.website-*.com-error.log"
Tag="websites"
Facility="local0")
local0.* #logs4.papertrailapp.com:44407
#Just to test that logs are forwarded, comment the line once you've tested it
local0.* /var/log/test.log
And restart rsyslog service
NOTE: Line local0.* /var/log/test.log is just to test that you can see forwarded logs into your local server, comment this line after you've tested that everything works.
I'm new to nginx and I like it.
I'm putting up a few scgi feeds, and some static content.
After creating a home page hierarchy under /home, I went to move it to /.
But when I put it there the .jpg and .jpeg images were coming back 404.
sitename.com/test.gif is found just fine.
sitename.com/test.jpg is 404
but creating a a subdirectory, and copying test.jpg work.
sitename.com/subdirectory/jpg is fine.
I'm running with pretty empty config files as they were installed under Ubuntu 18.
I'd REALLY like to know what's going on here, and why top level .jpg/.jpeg files are doing this.
I know I could create a location directive as follows:
location ~ \.(jpg|jpeg)$ {
root /real/location/of/my/home/;
}
But that breaks access to .jpg/jpeg files in the scgi locations served from other roots.
I found it! It wasn't the jpg/jpeg suffix. It was the filename!
I have a /wdc location that is an scgi script.
A file in / that begins wdc for example /wdc-face.jpg goes through to scgi.
Many of the nginx example give locations without trailing slashes. But I think that a trailing slash is what people should be encouraged to use by default
I want to write NginX rewrite rule to convert all Backslashes to forward-slashes.
Something exactly like: Using .htaccess to replace backslash in URL with forward-slash
however, I am working in NginX while above link refers to Apache.
I migrated my application from Windows IIS to Linux Tomcat and hence I need to get this done.
My URL has multiple Backslashes which gets resolved fine in IE and Chrome but Firefox is resolving them to its Unicode %5C and hence I need to rewrite.
My sample URL in WIndows/IIS: https://doman.com/company/.\images\company\companylogo.png
When I moved stuff to Linux/Tomcat, above URL works in Chrome and IE, but Firefox is converting above backslashes to %5C. So Firefox is trying to resolve: https://doman.com/company/.%5Cimages%5Ccompany%5Ccompanylogo.png
And needless to say, Firefox fails to load the image.
Here is what I tried so far in my nginX configuration (Once statement at a time)):
rewrite \ / permanent;
rewrite \\ \/ permanent; # with escaping thinking it might help
rewrite (.*)\(.*)\(.*)\(.*) $1/$2/$3/$4 permanent;
rewrite (.*)\(.*)\(.*)\(.*) $1\/$2\/$3\/$4 permanent;
Howcer , none seem to work and last 2 statements are throwing NginX configuration Error.
Any pointers would be of great help. There are thousands such URLs and I cannot imagine of converting all of them into Forward-Slash'd style.
Finally, I figured it out myself.
First off, in NginX, a backslash needs to be escaped twice. Nginx Uses Lua launguage module extensively for parsing request. So, NginX config parser as well as Lua module will strip off the escaping backslashes. Hence need to escape it twice.
This is wrong: \\
This is Correct: \\\
This part bugged me for 2 days as I was following typical PCRE standards for escaping characters and NginX would throw regex error at me.
More about this behaviour is explained here: http://wiki.nginx.org/HttpLuaModule#Special_PCRE_Sequences
Now, over to my question:
Source URL: https://domain.com/company/.\images\company\companylogo.png
Redirected URL: https://domain.com/company/./images/company/companylogo.png
I wanted to convert all \ to / in above URL. So, for this purpose, below rewrite rule is needed:
rewrite ^/(.+)\\\(.+)\\\(.+)\\\(.+)$ /$1/$2/$3/$4 redirect;
Above rule will do a single redirect (HTTP Code 302) and will get all the three \ converted to /.
However, If you have varying number of \ in the URL, then above rule may(not) work. Hence in that case, use below rule to convert ALL \ to /
rewrite ^/(.+)\\\(.+)$ /$1/$2 redirect;
Please note that, with above rule in place multiple redirects (HTTP Code 302) will happen causing some latency. The number of redirects will be equal to number of \ in the source URL. This would work on my URL too. But then it would have done the redirect for 3 times (as I have 3 backslashes in my URL). So, I am good with the 1st rule I mentioned above.
Nonetheless, I had a great learning all along and I understand NginX better now.
Here are few (out of hundreds of) links which helped solving this issue:
http://wiki.nginx.org/HttpLuaModule
https://blog.engineyard.com/2011/useful-rewrites-for-nginx
http://nginx.org/en/docs/http/ngx_http_core_module.html#location
http://blog.rackcorp.com/2010/05/nginx-location-and-rewrite-configuration-made-easy/
http://www.cyberciti.biz/faq/unix-linux-bsd-nginx-redirect-url-http-301-status-code/
I have been look around trying to get this working right for a while now, and finally bit the bullet and posted here.
I've got a LAMP stack with ModSecurity using the OWASP core rule set (v 2.2.5) and just installed Wordpress. I expected conflicts with ModSecurity, but I haven't been able to ignore or work aroudn the only error I've encountered so far.
The Apache error.log file and the modsec_audit.log both list the same error:
ModSecurity: Rule 7f5d9a449228 [id "950901"][file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null).`
I've tried creating a new .conf file where the crs conf files are located containing
<LocationMatch .*>
<IfModule mod_security2.c>
SecRuleRemoveById 950901
</IfModule>
</LocationMatch>
and even removed the IfModule statement and then LocationMatch statement when it didn't work.
Finally I resorted to commenting out lines 76 and 77 in the .conf file, and the error still appeared. This also had no effect.
Only changing SecRuleEngine to Off in modsecurity.conf finally let me access the page. Of course this defeats the purpose of ModSec.
Where am I going wrong?
Try adding this to your php.ini file (or included conf file):
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
And then this to your modsecurity.conf:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
This should allow for recursion without having to fully disable mod_security.
I have a file failed.asp in folder abc. Now i want to redirect my user.asp page in folder xyz to page failed.asp when there is a error. When i have my failed.asp in same folder as my user.asp it does not give me error but if i use virtual path in server.transfer it is giving me error. How can i fix this.
Server.Transfer("failed.asp") --Works
Server.Transfer("abc/failed.asp") or Server.Transfer("../abc/failed.asp") --fails saying error when loading file
does not work what is the possible work around for this issue.
Server.Transfer("/abc/failed.asp") should work. Note that the root path starts with a forward slash.