When using IIS as RPS (Reverse Proxy Server) with Weblogic, using the Weblogic ISAPI filter plug-ins, there does not appear to be UTF-8 support for file attachment file names.
For example, the GET command with RPS in place showed the unencoded file name, i.e.:
10.166.45.33 - - [08/juin/2012:12:07:39 -0500] "GET
/cs/U1/pscc/V_d1305081-b3c5-4e1e-989e-b8bdd497a1a3/ÇÖÐÅ.msg
HTTP/1.1" 200 46088
That versus an encoded file name when RPS was not used:
10.210.36.126 - - [15/May/2012:11:35:38 -0500] "GET
/cs/U1/pscc/V_4ed65546-e138-4a84-b5b2-a2cf9f01d85f/%C3%87%C3%96%C3%9
0%C3%85.msg HTTP/1.1" 200 46088
How do I circumvent this
Thanks in advance
This is the problem with the plugin used between IIS and WLS
Related
I am managing a site hosted on aws ec2 using nginx. To avoid threats continuously monitoring nginx logs ( access.log & error.log). Though many threats are well managed by tweaking nginx.conf, but this specific one I am not even able to figure out how attacker manage to send such request.
access.log
xx.xxx.xx.xxx - - [18/Aug/2021:09:04:13 +0000] "GET http://xxxxxxxxx.com/ HTTP/1.1" 200 1400 "-" "Go-http-client/1.1"
In above case let's say name of my website is "h ttp://abc-xyz-1234.com", attacker is passing url in path (i.e. http://xxxxxxxxx.com/ ), and nginx responding with "200". I am still scratching my head how was request made and what was responded with 1400 of bytes ( response length still much lesser than website response site for path "/" ).
As I believe its not possible through browser, I tried to simulate using curl but it wouldn't work.
it is considered 2 separate request to curl
curl -A Mozilla h ttp://abc-xyz-1234.com/ http://xxxxxxxxx.com
invalid domain
curl -A Mozilla h ttp://abc-xyz-1234.comhttp://xxxxxxxxx.com
it will hit host with path /http://xxxxxxxxx.com and get rejected. Attacker is manage to send it without prefix "/" and thats what trying to simulate
curl -A Mozilla h ttp://abc-xyz-1234.com/http://xxxxxxxxx.com
You can use --request-target for this:
curl -A Mozilla http://abc-xyz-1234.com --request-target http://xxxxxxxxx.com
Using nc, I was able to download one file with:
GET /index.html HTTP/1.1
Host: {insert host name}
But I can't figure out how to download multiple files in one request
I have a little problem with CUPS 2.2.7
This is my /etc/hosts file:
127.0.0.1 example.com
127.0.0.1 localhost
in http://localhost:631/ CUPS is working right
but in http://example.com:631/ it doesn't work on the same pc.
The message error in View error log is that one:
E [21/Feb/2019:11:54:18 +0100] [Client 33] Request from "localhost" using invalid Host: field "example.com:631".
The web page on Firefox print an error message Invalid request and give me an Error (error code: 400) but seems point on CUPS.
How to solve this problem so that example.com:631 points to localhost and CUPS answers it successfully instead of Error 400: Access Denied.
By default cups servers HTTP requests only with HTTP Host header equal to "localhost". To allow it servicing requests for additional HTTP host headers use ServerAlias directive as described in the man cupsd.conf documentation. It's common to do the most unsafe thing and add
ServerAlias *
to /etc/cupsd.conf to allow all possible HTTP host headers to be serviced.
I know this is old, but I too was experiencing the same issue recently and I resolved it by updating the following line in cupsd.conf from:
Listen 0.0.0.0:631
changed to:
Listen *:631
For those that maybe care to know, I'm running CUPS within a docker container, and this change corrects the "Bad Request" response.
Im using GAE for my nodejs express backend. It worked earlier, but suddenly I keep getting
Error: Server error.
The server encountered an error and could not complete your request.
Please try again in 30 seconds.
My error logs is like this :
default[20181129t203637] "GET / HTTP/1.1" 500
default[20181129t203637] "GET /favicon.ico HTTP/1.1" 500
default[20181129t203637] "GET /favicon.ico HTTP/1.1" 500
default[20181129t203637] "GET /favicon.ico HTTP/1.1" 500
I tried adding favicon.ico to my public folder and install npm serve-favicon for the favicon.ico but same error still persist. I thought it was a limit but I tried changing accounts, changing different express project, the same error still comes out.
my app.yaml file :
runtime :nodejs8
instance_class: F4_1G
Also have cron.yaml file but I haven't run the cron job yet.
There is nothing wrong with my project when it s run locally.
Is there any way to fix this?
This is probably because you don't have active instances ready to handle requests, which causes them to time out while App Engine loads your code into a fresh instance. You can mitigate this by reducing the time it takes to load your code or by implementing warmup requests to keep your instances alive when there isn't any traffic.
I have problem with my Debian server (Linux 2.6.32-5-686 i686) when I start apache2 everything seems ok but in a while apache executable start duplicating it self again and again to thew critical moment when server fall down. I don't know where is the problem. I'm getting lot of these messages in access.log
::1 - - [04/Aug/2013:10:16:45 +0200] "OPTIONS * HTTP/1.0" 200 136 "-" "Apache (internal dummy connection)"
Please have a look at the apache wiki regarding this dummy connections http://wiki.apache.org/httpd/InternalDummyConnection
Please revise your settings for MinSpareServers and MaxSpareServers.