首頁 繪圖設計 工作閒聊 比賽活動 美術討論 標籤 圖片
Apache2 403:AH10410 Rewritten query string contains control characters or spaces
Apache2 403:AH10410 Rewritten query string contains control characters or spaces
Type(Type) 2023/3/21 16:01 (Since 2023/3/21 11:43)

Apache2 Rewrite AH10410 Symptom Description



❓ SYMPTOM Description: You will start to see Google Search console reporting some 403 Forbidden HTTP Error around 2023-March about your product-rewrite page, catalog-rewrite page or tags-rewrite pages and these rewrite pages are with "Space (0x20, %20)".

for example
👉 https://vovo2000.com/tags/petit%20fancy/

❓ And these URLs were just 100% OK before January 2023 and February 2023 and you did NOT touch any thing in mod_rewrite section in your htaccess or site-config at all.


Fact & Issue Analysis



✅ Fact 1: In fact, when you try to check access.log, it is 100% perfect with HTTP 200 OK for every time you check it.

✅ Fact 2: When you look at the apache2 error.log, you will see "AH10410: Rewritten query string contains control characters or spaces", and this is trigger by Apache2 HTTP mod_rewrite.


代碼:

[Tue Mar 16 10:44:05.479647 2023] [rewrite:error] [client 55.66.77.88:65176] AH10410: Rewritten query string contains control characters or spaces



✅ Fact 3: You did some Apache2 httpd upgrade (yum/dnf update or apt upgrade or something like this) around early of March 2023. In fact, though this CVE-2023-25690 is much like a mod_proxy patch, BUT HOWEVER, it did revise mod_rewrite & mod_rewrite_http2 as well.

✅ Analysis 4: Then, you look at this CVE patch in github or svn apache.org, you will see.

代碼:

Author:   covener
Date:   Sun Mar 5 20:28:43 2023 UTC
Changed paths:   7
Log Message:   
Merge r1908095 from trunk:

    don't forward invalid query strings

    Submitted by: rpluem

Reviewed By:  covener, fielding, rpluem, gbechis




Code diff of mod_rewrite.c
代碼:


modules/mappers/mod_rewrite.c
@@ -4729,6 +4729,17 @@ static int hook_uri2file(request_rec *r)
        unsigned skip;
        apr_size_t flen;

+        if (r->args && *(ap_scan_vchar_obstext(r->args))) {
+            /*
+             * We have a raw control character or a ' ' in r->args.
+             * Correct encoding was missed.
+             */
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
+                          "Rewritten query string contains control "
+                          "characters or spaces");
+            return HTTP_FORBIDDEN;
+        }

        if (ACTION_STATUS == rulestatus) {
            int n = r->status;





ref: https://github.com/apache/httpd/commit/8789f6bb926fa4c33b4231a8444340515c82bdff
ref: https://svn.apache.org/viewvc?view=revision&revision=1908096

How to Quick Workaround



✅ Workaround 1: This is NOT an issue of your cgi app, nor your scripts issue(python, java, php, ruby) since you didn't touch them at all. This is Apache2 RewriteRule issue, JUST try to add an [B] flag in the end of your RewriteRule before [QSA]

For example, Try to revise your rewrite conf or .htaccess.
代碼:

# ❌ BEFORE  (though it is 100% OK before 2023 Feb or Jan ...)
RewriteRule ^/product/(.*)/([0-9]*)$   /control/show_product.php?prod=$1&p=$2        [QSA]

# ✅ AFTER: Add a [B] flag in the rear of your rewrite rule, usually before [QSA]
RewriteRule ^/product/(.*)/([0-9]*)$   /control/show_product.php?prod=$1&p=$2        [B,QSA]



(Optional, Do an apache2 restart and)
then test again your "/product/good example product/" and this rewrite will become OK again!
Type(Type) 2023/3/21 12:03

More RHEL/Ubuntu References about CVE-2023-25690



https://access.redhat.com/security/cve/cve-2023-25690
https://ubuntu.com/security/notices/USN-5942-1


Please use "apache2 -v" or "httpd -v" to check your apache2 version

Ubuntu 22.10: apache2 - 2.4.54-2ubuntu1.2
Ubuntu 22.04: apache2 - 2.4.52-1ubuntu4.4
Ubuntu 20.04: apache2 - 2.4.41-4ubuntu3.14
Ubuntu 18.04: apache2 - 2.4.29-1ubuntu4.27


代碼:

USN-5942-1: Apache HTTP Server vulnerabilities
9 March 2023

Several security issues were fixed in Apache HTTP Server.

Releases
Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 LTS
Packages
apache2 - Apache HTTP seraver
Details
Lars Krapf discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain configurations. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2023-25690)

Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy_uwsgi module incorrectly handled certain special characters. A
remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.0

Ubuntu 22.10
apache2 - 2.4.54-2ubuntu1.2
Ubuntu 22.04
apache2 - 2.4.52-1ubuntu4.4
Ubuntu 20.04
apache2 - 2.4.41-4ubuntu3.14
Ubuntu 18.04
apache2 - 2.4.29-1ubuntu4.27
Type(Type) 2023/3/21 12:06

More reference for [B] flag in Apache2 RewriteRule


👍 https://httpd.apache.org/docs/2.4/rewrite/flags.html

引言回覆:

The [B] flag instructs RewriteRule to escape non-alphanumeric characters before applying the transformation.
(6,862 views)
[更多討論] 討論區 Windows, Linux, Perl, PHP, C/C++, Driver, Web 理論、應用、硬體、軟體

"Apache2 403:AH10410 Rewritten query string contains control characters or spaces" 傳統頁面(電腦版)

首頁 繪圖設計 工作閒聊 比賽活動 美術討論 標籤 圖片
傳統桌面版 [ 登入/註冊 ]
© Vovo2000.com Mobile Version 小哈手機版 2024