首頁 美術繪圖 | 美術設計 | 熱門標籤 | 首選 | 首頁宣傳 | 近期作品 論壇: 發表 | 美術工作 | 美術比賽 | 展覽活動 | 美術相關 | 一般討論 | 美術同好 CG 討論 :: Photoshop | Painter | 3D 行動 | AMP

【 立即註冊 】 : 更改個人資料 : : 登入

會員名稱: 登入密碼: 保持登入
Type(Type) 所有的發表文章

前往頁面 ←上一頁  1 ... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 ... 559  下一頁→

👍 👍(2023-03-22 13:02)

👍👍

「萬能水塔公司」是台灣的企業嗎?(2023-03-22 13:01)

🐔 👍(2023-03-22 13:00)

[h2]More reference for [B] flag in Apache2 RewriteRule[/h2]
👍 https://httpd.apache.org/docs/2.4/rewrite/flags.html

引言回覆:

The [B] flag instructs RewriteRule to escape non-alphanumeric characters before applying the transformation.
(2023-03-21 12:06)

[h2]More RHEL/Ubuntu References about CVE-2023-25690[/h2]

https://access.redhat.com/security/cve/cve-2023-25690
https://ubuntu.com/security/notices/USN-5942-1


Please use "apache2 -v" or "httpd -v" to check your apache2 version

Ubuntu 22.10: apache2 - 2.4.54-2ubuntu1.2
Ubuntu 22.04: apache2 - 2.4.52-1ubuntu4.4
Ubuntu 20.04: apache2 - 2.4.41-4ubuntu3.14
Ubuntu 18.04: apache2 - 2.4.29-1ubuntu4.27


代碼:

USN-5942-1: Apache HTTP Server vulnerabilities
9 March 2023

Several security issues were fixed in Apache HTTP Server.

Releases
Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 LTS
Packages
apache2 - Apache HTTP seraver
Details
Lars Krapf discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain configurations. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2023-25690)

Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy_uwsgi module incorrectly handled certain special characters. A
remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.0

Ubuntu 22.10
apache2 - 2.4.54-2ubuntu1.2
Ubuntu 22.04
apache2 - 2.4.52-1ubuntu4.4
Ubuntu 20.04
apache2 - 2.4.41-4ubuntu3.14
Ubuntu 18.04
apache2 - 2.4.29-1ubuntu4.27
(2023-03-21 12:03)

[h2]Apache2 Rewrite AH10410 Symptom Description[/h2]

❓ SYMPTOM Description: You will start to see Google Search console reporting some 403 Forbidden HTTP Error around 2023-March about your product-rewrite page, catalog-rewrite page or tags-rewrite pages and these rewrite pages are with "Space (0x20, %20)".

for example
👉 https://vovo2000.com/tags/petit%20fancy/

❓ And these URLs were just 100% OK before January 2023 and February 2023 and you did NOT touch any thing in mod_rewrite section in your htaccess or site-config at all.


[h2]Fact & Issue Analysis[/h2]

✅ Fact 1: In fact, when you try to check access.log, it is 100% perfect with HTTP 200 OK for every time you check it.

✅ Fact 2: When you look at the apache2 error.log, you will see "AH10410: Rewritten query string contains control characters or spaces", and this is trigger by Apache2 HTTP mod_rewrite.


代碼:

[Tue Mar 16 10:44:05.479647 2023] [rewrite:error] [client 55.66.77.88:65176] AH10410: Rewritten query string contains control characters or spaces



✅ Fact 3: You did some Apache2 httpd upgrade (yum/dnf update or apt upgrade or something like this) around early of March 2023. In fact, though this CVE-2023-25690 is much like a mod_proxy patch, BUT HOWEVER, it did revise mod_rewrite & mod_rewrite_http2 as well.

✅ Analysis 4: Then, you look at this CVE patch in github or svn apache.org, you will see.

代碼:

Author:   covener
Date:   Sun Mar 5 20:28:43 2023 UTC
Changed paths:   7
Log Message:   
Merge r1908095 from trunk:

    don't forward invalid query strings

    Submitted by: rpluem

Reviewed By:  covener, fielding, rpluem, gbechis




Code diff of mod_rewrite.c
代碼:


modules/mappers/mod_rewrite.c
@@ -4729,6 +4729,17 @@ static int hook_uri2file(request_rec *r)
        unsigned skip;
        apr_size_t flen;

+        if (r->args && *(ap_scan_vchar_obstext(r->args))) {
+            /*
+             * We have a raw control character or a ' ' in r->args.
+             * Correct encoding was missed.
+             */
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
+                          "Rewritten query string contains control "
+                          "characters or spaces");
+            return HTTP_FORBIDDEN;
+        }

        if (ACTION_STATUS == rulestatus) {
            int n = r->status;





ref: https://github.com/apache/httpd/commit/8789f6bb926fa4c33b4231a8444340515c82bdff
ref: https://svn.apache.org/viewvc?view=revision&revision=1908096

[h2]How to Quick Workaround[/h2]

✅ Workaround 1: This is NOT an issue of your cgi app, nor your scripts issue(python, java, php, ruby) since you didn't touch them at all. This is Apache2 RewriteRule issue, JUST try to add an [B] flag in the end of your RewriteRule before [QSA]

For example, Try to revise your rewrite conf or .htaccess.
代碼:

# ❌ BEFORE  (though it is 100% OK before 2023 Feb or Jan ...)
RewriteRule ^/product/(.*)/([0-9]*)$   /control/show_product.php?prod=$1&p=$2        [QSA]

# ✅ AFTER: Add a [B] flag in the rear of your rewrite rule, usually before [QSA]
RewriteRule ^/product/(.*)/([0-9]*)$   /control/show_product.php?prod=$1&p=$2        [B,QSA]



(Optional, Do an apache2 restart and)
then test again your "/product/good example product/" and this rewrite will become OK again!(2023-03-21 11:43)

帥阿,阿壽 🏀🏍️(2023-03-20 20:27)

不晚不晚,never too late.

新年快樂! 😁(2023-03-16 19:18)

❤️ ❤️(2023-03-15 20:37)

❤️ ❤️(2023-03-15 08:50)

❤️ ❤️ ❤️(2023-03-15 08:49)

❤️ ❤️(2023-03-11 15:30)

❤️ ❤️(2023-03-11 15:29)

❤️ ❤️(2023-03-11 15:29)

👍(2023-03-11 15:23)

[h2]Possible Symptoms[/h2]

代碼:


# You use compser to install Google Cloud API but you will see a lot of CLOSE_WAIT pending when doing "lsof" connect to "1e100.net"

# and then, these CLOSE_WAIT + (ESTABLISHED) will be exceed 1024

# Very likely you will see Too many open files.


$ lsof | grep -i '1e100.net'

php TCP YOUR_HOSTNAME:36144->nuq04s42-in-x0a.1e100.net:https (CLOSE_WAIT)
php TCP YOUR_HOSTNAME:36152->nuq04s42-in-x0a.1e100.net:https (CLOSE_WAIT)
php TCP YOUR_HOSTNAME:36156->nuq04s42-in-x0a.1e100.net:https (CLOSE_WAIT)
php TCP YOUR_HOSTNAME:36160->sfo03s24-in-x0a.1e100.net:https (CLOSE_WAIT)
php TCP YOUR_HOSTNAME:36160->sfo03s24-in-x0a.1e100.net:https (CLOSE_WAIT)



PHP Warning:  include(/YOUR-WORKING-FOLDER/vendor/guzzlehttp/guzzle/src/Exception/ConnectException.php): Failed to open stream: Too many open files in /YOUR-WORKING-FOLDER/vendor/composer/ClassLoader.php on line 571
PHP Warning:  include(): Failed opening '/YOUR-WORKING-FOLDER/vendor/composer/../guzzlehttp/guzzle/src/Exception/ConnectException.php' for inclusion (include_path='.:/usr/share/php') in /YOUR-WORKING-FOLDER/vendor/composer/ClassLoader.php on line 571
PHP Fatal error:  Uncaught Error: Class "GuzzleHttp\Exception\ConnectException" not found in /YOUR-WORKING-FOLDER/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:210


$ cat /proc/YOUR_SCRIPT_PID/limit | grep -i 'max open files'
✅ Max open files              1024               1024              files   





[h2]Workaround / Solution[/h2]

Just increase the ulimit.

代碼:

$ vi /etc/security/limits.conf

# -------------------------------------
# ADD the following lines, increase the value from 1024 to "16384" or more
# -------------------------------------
*         hard    nofile      16384
*         soft    nofile      16384
root      hard    nofile      16384
root      soft    nofile      16384

$ reboot

$ cat /proc/YOUR_SCRIPT_PID/limit | grep -i 'max open files'
✅  Max open files            16384               16384              files   




(2023-03-05 00:50)

❤️ 😄(2023-02-28 12:49)

👍 👍

這是闖關活動嗎?(2023-02-23 12:17)

👍 👍(2023-02-23 12:16)

👍 👍(2023-02-23 12:16)

前往頁面 ←上一頁  1 ... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 ... 559  下一頁→