403 / Forbidden on favicon with NodeJS / Express - node.js

I'm currently testing LocomotiveJS and have a very simple "hello world" app up.
I thought I'd set up the connect favicon middleware, but when I visit any route ('/' for example) I get the following in the console:
127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET / HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"
Error: Forbidden
at SendStream.error (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:142:16)
at SendStream.pipe (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:307:52)
at Object.static (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/static.js:78:8)
at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
at pass (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:219:24)
at Router._dispatch (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:280:5)
at Object.middleware [as handle] (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:45:10)
at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
at multipart (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/multipart.js:52:61)
at module.exports (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:57:9)
127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET /favicon.ico HTTP/1.1" 403 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"
Any idea what's causing this?

It looks like the send middleware is considering this request malicious because it's not the root and contains "..". I'm not sure why /favicon.ico would cause isMalicious to return true though. I'd suggest debugging into isMalicious and examining this._root and this.path. Could either be some bug in send or favicon middleware or perhaps your code isn't configuring them. Can't help with that unless you post some code.
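
One way a root-containment check of the kind this answer points at can reject `/favicon.ico`, shown as an added example that is not part of the original answer and is not code from send or connect. The root paths, file names and function names are constructed for illustration, and the "root configured with `..` in it" scenario is an assumption, not something the question confirms.

```javascript
// Added illustration with constructed paths; not code from send or connect.
const { posix } = require('path');

// Fragile check: compares the normalized request path against the root string
// exactly as it was configured. If the root itself contains "..", it can never
// be a prefix of a normalized path, so every request is answered with 403.
function fragileStatus(configuredRoot, urlPath) {
  const full = posix.normalize(posix.join(configuredRoot, urlPath));
  return full.indexOf(configuredRoot) === 0 ? 200 : 403;
}

// Robust check: normalize the root once, resolve the decoded request path under
// it, and require the result to stay inside on a path-separator boundary.
function robustStatus(configuredRoot, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch (err) {
    return 400; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return 400; // NUL byte never belongs in a file path
  const root = posix.resolve(configuredRoot);
  // The "./" prefix stops resolve() from treating "/favicon.ico" as absolute.
  const full = posix.resolve(root, './' + decoded);
  const inside = full === root || full.startsWith(root + posix.sep);
  return inside ? 200 : 403;
}

// Constructed roots: the same directory, written with and without "..".
const RELATIVE_STYLE_ROOT = '/srv/app/config/../public';
const CLEAN_ROOT = '/srv/app/public';

function demo() {
  return {
    fragileFavicon: fragileStatus(RELATIVE_STYLE_ROOT, '/favicon.ico'),
    robustFavicon: robustStatus(RELATIVE_STYLE_ROOT, '/favicon.ico'),
    robustEscape: robustStatus(CLEAN_ROOT, '/../config/app.js'),
    fragileSibling: fragileStatus(CLEAN_ROOT, '/../public-old/a.css'),
    robustSibling: robustStatus(CLEAN_ROOT, '/../public-old/a.css'),
    robustBadEncoding: robustStatus(CLEAN_ROOT, '/%E0%A4%A'),
  };
}

console.log(demo());
```

Passing an already-normalized absolute root to the static and favicon middleware avoids the first failure; the separator-boundary comparison closes the sibling-directory gap that a bare prefix check leaves open.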

What version of Express and Connect were pulled in as dependencies? I encountered a bug with express@3.0.0beta6, which I think has been fixed in beta7 (though I haven't confirmed that myself). I'm running on express@3.0.0beta4, which I know works, and you can revert to that by doing:
$ npm uninstall express
$ npm install express@3.0.0beta4
The master branch of Locomotive is using the Express 3.x betas, which have generally been pretty solid. I'm looking forward to that being stable, and pushing out new releases.

Related

Invalid Host header on Ubuntu 18.04 running Apache2

This is driving me insane!!
I'm running a web server on Ubuntu 18.04, and using plain ol Apache2. I've done countless searches and it all points to servers running other platforms, never the basic Apache2 system.
I have been trying to get the websites on my server going (virtual hosts) and have been having nothing but trouble getting each one to show when typing the url.
Anyway, I've been doing some tweaking here and there going by other suggestions here, and unfortunately, haven't kept track of what I have done. My memory is horrible due to some old man conditions I have, so I just can't remember where it all went wrong.
Here's what's happening:
All of my sites had been going to the same page on my server. But now, every site just brings up a blank page with
Invalid Host header
at the top left of the page.
That's it! I have gone through every error log on my system to no avail. All of the logs are showing the basics.
Here's the last line or two of each:
access.log: 192.168.86.1 - - [07/Jan/2022:08:39:33 -0700] "GET / HTTP/1.1" 200 447 "http://jonezhost.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
error.log:
[Sat Jan 15 07:28:57.253840 2022] [mpm_prefork:info] [pid 23104] AH00164: Server built: 2022-01-05T14:50:41
[Sat Jan 15 07:28:57.253847 2022] [core:notice] [pid 23104] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jan 15 07:51:10.359888 2022] [core:info] [pid 23104] AH00096: removed PID file /var/run/apache2/apache2.pid (pid=23104)
[Sat Jan 15 07:51:10.359916 2022] [mpm_prefork:notice] [pid 23104] AH00169: caught SIGTERM, shutting down
[Sat Jan 15 07:52:22.983318 2022] [mpm_prefork:notice] [pid 1458] AH00163: Apache/2.4.29 (Ubuntu) configured -- resuming normal operations
other_vhosts_access.log:
jonez.co:80 192.168.86.1 - - [13/Jan/2022:16:26:40 -0700] "GET /icons/folder.gif HTTP/1.1" 200 491 "http://24.51.60.170/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15"
jonez.co:80 192.168.86.1 - - [13/Jan/2022:16:26:58 -0700] "GET /html/ HTTP/1.1" 200 447 "http://24.51.60.170/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15"
jonez.co:80 87.251.64.141 - - [13/Jan/2022:16:38:03 -0700] "\x03" 400 497 "-" "-"
That's...it! The system logs aren't showing anything Apache based.
The only thing I can figure out that's remotely close is it's trying to run in SSL, and I don't have SSL set up yet.
So I'm clueless! And ANY help would be HUGELY appreciated!!! I'm disabled and unable to leave home most of the time, so this is all I got to keep me busy. It's just a hobby, but an important one to me.
Thanks!!!
FIXED IT!!! lol
Turns out the problem wasn't with my server at all. It was my router's port forwarding!
I use Google Home stuff and Google Wi-Fi points. I don't recall their names atm, but they're Google. (Probably a red flag right there! lol)
Anyway, I have two IP Addresses on my server (I'm not doing any mail or dns stuff, so really just need one). I had them both pointing towards different websites. And herein lies the issue.
My main IP for the server was 192.XXX.XXX.200, and the second was 192.XXX.XXX.202. But I wasn't pointing them correctly. They both needed to point to port 80. I had .200 pointing to 80 and .202 pointing to 8080. So there was some confusion when setting up my virtual hosts. Something happened, I don't remember what, that made me decide to use .202 as the primary IP for vHosts. Then in my /etc/hosts file, I used both IP's going to the same location - let's say example.com.
So, all I can think of is that the sites weren't seeing the .202 and using the .200 since it was first on the list. And the "Invalid Host Header" was showing up due to the IP address confusion.
So, I just removed the .200 from all the settings, removed the port forwarding for it and set .202 to use ports 80 and 8080, 10000 for Webmin (cool little script if you want to monitor things away from home), 25, yadda. The sites came right up!
I still have some cleaning up to do with everything that I have tried, but at least THAT issue is done and gone! And I also know that "Invalid Host Header" will come up for many reasons depending on the platform you are using. So this is just one thing for people to check when frantically trying to get their websites back up!
Thanks for all the responses with great help!

Not able to sign in to gitlab after upgrade

I upgraded gitlab omnibus from gitlab-ce-12.0.2-ce.0.el7.x86_64 to gitlab-ce-12.0.3-ce.0.el7.x86_64.
Post which when I launch the URL http://10.28.19.103:8080 it redirects to http://10.28.19.103:8080/users/sign_in.
In that I only see a sign in btn. Upon clicking nothing happens. I have no space to enter username and password.
The logs are as below:
==> /var/log/gitlab/gitlab-rails/production.log <==
Started GET "/" for 10.28.208.19 at 2019-07-05 01:02:15 +0800
Processing by RootController#index as HTML
Redirected to http://10.28.19.103:8080/users/sign_in
**Filter chain halted as :redirect_unlogged_user rendered or redirected**
Completed 302 Found in 16ms (ActiveRecord: 0.5ms)
Started GET "/users/sign_in" for 10.28.208.19 at 2019-07-05 01:02:16 +0800
Processing by SessionsController#new as HTML
==> /var/log/gitlab/gitlab-rails/production_json.log <==
{"method":"GET","path":"/","format":"html","controller":"RootController","action":"index","status":302,"duration":17.38,"view":0.0,"db":0.54,"location":"http://10.28.19.103:8080/users/sign_in","time":"2019-07-04T17:02:15.975Z","params":[],"remote_ip":"10.28.208.19","user_id":null,"username":null,"ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","queue_duration":3.56,"correlation_id":"fqMPRtqjdO3"}
==> /var/log/gitlab/gitlab-rails/production.log <==
Completed 200 OK in 52ms (Views: 32.5ms | ActiveRecord: 2.2ms)
Started GET "/uploads/-/system/appearance/header_logo/1/ytlc.png" for 10.28.208.19 at 2019-07-05 01:02:16 +0800
Processing by UploadsController#show as HTML
Parameters: {"model"=>"appearance", "mounted_as"=>"header_logo", "id"=>"1", "filename"=>"ytlc.png"}
Sent file /opt/gitlab/embedded/service/gitlab-rails/public/uploads/-/system/appearance/header_logo/1/ytlc.png (0.3ms)
Completed 200 OK in 16ms (ActiveRecord: 1.5ms)
==> /var/log/gitlab/gitlab-rails/production_json.log <==
{"method":"GET","path":"/users/sign_in","format":"html","controller":"SessionsController","action":"new","status":200,"duration":54.1,"view":32.47,"db":2.17,"time":"2019-07-04T17:02:16.020Z","params":[],"remote_ip":"10.28.208.19","user_id":null,"username":null,"ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","queue_duration":5.03,"correlation_id":"T9vwNeRZZZ6"}
{"method":"GET","path":"/uploads/-/system/appearance/header_logo/1/ytlc.png","format":"html","controller":"UploadsController","action":"show","status":200,"duration":17.42,"view":0.0,"db":1.47,"time":"2019-07-04T17:02:16.768Z","params":[{"key":"model","value":"appearance"},{"key":"mounted_as","value":"header_logo"},{"key":"id","value":"1"},{"key":"filename","value":"ytlc.png"}],"remote_ip":"10.28.208.19","user_id":null,"username":null,"ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","queue_duration":4.3,"correlation_id":"Wsuv3JkKIj2"}
==> /var/log/gitlab/gitlab-rails/production.log <==
Started GET "/-/metrics" for 127.0.0.1 at 2019-07-05 01:02:18 +0800
Processing by MetricsController#index as HTML
Completed 200 OK in 5ms (Views: 0.7ms | ActiveRecord: 0.0ms)
==> /var/log/gitlab/gitlab-rails/production_json.log <==
{"method":"GET","path":"/-/metrics","format":"html","controller":"MetricsController","action":"index","status":200,"duration":6.82,"view":0.67,"db":0.0,"time":"2019-07-04T17:02:18.715Z","params":[],"remote_ip":null,"user_id":null,"username":null,"ua":null,"queue_duration":null,"correlation_id":"2e2fdaf8-4f81-4075-b9b5-1c34055bafba"}
==> /var/log/gitlab/gitlab-rails/sidekiq_exporter.log <==
[2019-07-05 01:02:18] 127.0.0.1 - - [05/Jul/2019:01:02:18 +08] "GET /metrics HTTP/1.1" 200 3501 "-" "Prometheus/2.8.1"
I took a backup of the current repositories, installed a new GIT on temp VM. Imported the above repository.
But again I faced the same problem.
Please help.
You should not be accessing GitLab via port 8080. That's Unicorn, and it shouldn't be listening externally by default. You should access GitLab via port 80 or 443 through Nginx.
If you've set Unicorn to listen on port 8080 on something other than localhost, I suggest setting that back to default and accessing via the configured external URL (which should be port 80 or 443).

Creating an issue in gitlab-ce results in a 405 Method not allowed

I've managed to migrate gitlab-CE 8.1 to 8.2, but I get an annoying issue.
Every time I try to create an issue, I get this error:
==> /var/log/gitlab/gitlab-rails/production.log <==
Started POST "/api/api/issues" for 93.93.xx.xxx at 2015-12-15 15:05:13 +0100
==> /var/log/gitlab/nginx/gitlab_access.log <==
93.93.xx.xxx - - [15/Dec/2015:15:05:13 +0100] "POST /api/api/issues HTTP/1.1" 405 2 "https://git.myhost.name/api/api/issues/new?issue%5Bassignee_id%5D=&issue%5Bmilestone_id%5D=" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36"
It only occurs on this project. Do you have any idea where it comes from?
For information, I use a custom nginx.
Thanks,
Edit: To give more details, I have a white page like this when creating the issue.

Running Rendr Examples Results in HTTP 502 Error When Links Clicked

I have built and run Rendr's example apps on Ubuntu 13.10 using Node v0.8.6. When I click on the Repos or Users links, I get an HTTP 502 - Bad Gateway error, but when I refresh the page (load from server) it works (200 - OK) and the repos or users are displayed.
Here is server output for the working case - (page refresh):
127.0.0.1 - - [Fri, 31 Jan 2014 22:47:56 GMT] "GET /repos HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.102 Chrome/32.0.1700.102 Safari/537.36"
And here is the failure case - (link navigation):
127.0.0.1 - - [Fri, 31 Jan 2014 22:48:07 GMT] "GET /api/-/users HTTP/1.1" 502 - "http://localhost:3030/users" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.102 Chrome/32.0.1700.102 Safari/537.36"
Any ideas or pointers to what the problem might be?
Thanks.
The solution for this problem is here: https://github.com/airbnb/rendr/issues/266

How can I squelch Node JS's console logs for requests?

I don't want to see a log for every request the server receives when I'm testing (it makes reading the results much harder). Is there a simple way to start up Node so that it doesn't do that?
I'm referring to the lines that look like this just to be perfectly clear:
127.0.0.1 - - [Mon, 07 Jan 2013 15:59:52 GMT] "GET / HTTP/1.1" 200 1039 "-" "Mozilla/5.0 Chrome/10.0.613.0 Safari/534.15 Zombie.js/1.4.1"
NodeJS does not do this automatically.
Assuming you are using express, you need to remove the logger middleware. Remove this line:
app.use(express.logger());
