[Solved] Alls page and subdomain returns 404 with 1.4.60
Added by zebul66 over 3 years ago
Hi.
I just noticed that after the upgrade to 1.4.60, all the pages on all subdomains returns a 404.
Downgrading to 1.4.59, while keeping everything the same, is just working fine.
I am using lighttpd on archlinux-arm (armv7h) on a rpi3b
here is my config file:
I am serving 2 flask python app and 2 static html files for 4 sites.
server.document-root = "/home/cassini/something/www"
server.port = 32644
server.tag = "'; DROP TABLE servertypes; --"
server.pid-file = "/run/lighttpd/pid"
server.username = "http"
server.groupname = "http"
server.error-handler-404 = "/error-404.html"
server.errorlog-use-syslog = "enable"
server.modules = (
"mod_proxy",
"mod_setenv",
# "mod_deflate",
"mod_openssl",
"mod_fastcgi",
"mod_accesslog",
"mod_alias",
"mod_rewrite",
"mod_auth",
"mod_authn_file"
)
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/example.com/server.pem"
ssl.ca-file = "/etc/letsencrypt/live/example.com/chain.pem"
#deflate.mimetypes = (
# "application/x-javascript",
# "application/javascript",
# "text/javascript",
# "text/x-js",
# "text/css",
# "text/html",
# "text/plain",
# "application/json",
# "application/x-protobuf"
#)
#deflate.allowed-encodings = ("bzip2", "gzip", "deflate")
#deflate.compression-level = 6
#deflate.min-compress-size = 1500
setenv.add-response-header = (
"X-Content-Type-Options" => "nosniff",
"X-Frame-Options" => "DENY",
"X-XSS-Protection" => "1; mode=block",
"Referrer-Policy" => "same-origin",
"Strict-Transport-Security" => "max-age=15768000",
"Content-Security-Policy" => "default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' https://*.tile.openstreetmap.org https://tile.thunderforest.com data:; connect-src 'self' https://api.wigle.net;",
)
accesslog.use-syslog = "enable"
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".jpg" => "image/jpeg",
".png" => "image/png",
".js" => "application/javascript",
".gif" => "image/gif",
".css" => "text/css; charset=utf-8",
".svg" => "image/svg+xml"
)
$HTTP["host"] == "example.com" {
setenv.set-response-header = (
"Server" => "'; DROP TABLE servertypes; --"
)
proxy.server = ( "" => ( ( "host" => "somehost123", "port" => "5556" ) ) )
proxy.header = (
"https-remap" => "enable",
)
}
$HTTP["host"] == "ifttt.example.com" {
server.document-root = "/home/ifttt"
fastcgi.server = ("/ifttt.fcgi" =>
((
"socket" => "/home/ifttt/ifttt-fcgi.sock",
"check-local" => "disable",
"max-procs" => 1
))
)
url.rewrite-once = (
"^(/.*)$" => "/ifttt.fcgi$1"
)
}
$HTTP["host"] == "munin.example.com" {
auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/userfile.plain"
auth.require = ("" => ("method" => "basic", "realm" => "munin", "require" => "valid-user") )
server.document-root = "/srv/http/munin/"
index-file.names = ( "index.html" )
}
$HTTP["host"] == "knots.example.com" {
server.document-root = "/srv/http/knots/"
index-file.names = ( "index.html" )
}
# vim: set syntax=lighttpd:
Replies (8)
RE: Alls page and subdomain returns 404 with 1.4.60 - Added by zebul66 over 3 years ago
OK. So with help from @gps on lighttpd irc chan, and enabling debug variable, the obvious problem is:
(configfile-glue.c.506) $HTTP["host"] == "munin.example.com" compare to munin.example.com:32644 oct. 15 09:52:27 ymir lighttpd[31108]: (configfile-glue.c.368) 3 (uncached) result: false (cond: global / $HTTP["host"] == "munin.example.com")
I let the devs decide if it is a bug or not.
Running on a non standard port (because of my ISP, I don't have access to all IPv4 ports),the host includes now the port and fails the condionnal in the config file.
either add the port in host comparison in config file, or downgrade to 1.4.59
RE: Alls page and subdomain returns 404 with 1.4.60 - Added by gstrauss over 3 years ago
I let the devs decide if it is a bug or not.
Yes. Still deciding ...
From a quick scan of the commits, it looks like this may have changed in commit 1de03a03, though I need to look more closely to confirm.
Running on a non standard port (because of my ISP, I don't have access to all IPv4 ports),the host includes now the port and fails the condionnal in the config file.
either add the port in host comparison in config file, or downgrade to 1.4.59
lighttpd wiki front page has a link to Configuration: File Syntax, which includes documentation for the config file syntax $HTTP["host"]
Instead of downgrading, you could explicitly match with the port$HTTP["host"] == "munin.example.com:32644"
or you could be explicit that you want to match whether or not the port is present, and to ignore the port.$HTTP["host"] =~ "^munin.example.com(?:$|:)"
RE: Alls page and subdomain returns 404 with 1.4.60 - Added by gstrauss over 3 years ago
@zebul66
I don't see the behavior you are suggesting. I tested with the following and if the client provided munin.example.com:8080, it matched the munin.example.com host condition, as I expected.
echo aaa > /dev/shm/index.txtmkdir /dev/shm/bbbecho bbb > /dev/shm/bbb/index.txt
lighttpd.conf:
server.port = 8080
server.document-root = "/dev/shm"
$HTTP["host"] == "munin.example.com" {
server.document-root = "/dev/shm/bbb"
}
$ curl -H "Host: munin.example.com:8080" http://localhost:8080/index.txt bbb $ curl -H "Host: munin.example.com" http://localhost:8080/index.txt bbb $ curl -H "Host: other.example.com" http://localhost:8080/index.txt aaa $ curl http://localhost:8080/index.txt aaa
Please test with debug.log-request-header = "enable" and check the lighttpd error log to see what the client is sending.
RE: Alls page and subdomain returns 404 with 1.4.60 - Added by zebul66 over 3 years ago
As you can see im my config file, I have defined a server.document-root but this is cosmetic, because I don't use it. The directory does not even exist.
In my test I tried to get munin.example.com:32644/somehost/somehost/index.html, so this fails with 404.
If I create the server-document-root and put there a mock index.html, then this is that mock file that is served.
The full path of the file served is then /home/cassini/something/www/somehost/somehost/index.html instead of the expected /srv/http/munin/somehost/somehost/index.html
So the condtionnal fails and lighttpd falls back to serve something from server-document-root instead.
This is why you are seeing what you describe.
RE: Alls page and subdomain returns 404 with 1.4.60 - Added by gstrauss over 3 years ago
Sorry. I am still not following you. Would you please use enable some debugging in lighttpd.conf and show me some examples of requests that matched the condition and those that did not?debug.log-request-header = "enable"debug.log-response-header = "enable"debug.log-condition-handling = "enable"
RE: Alls page and subdomain returns 404 with 1.4.60 - Added by zebul66 over 3 years ago
Attached a log of a single request that fails with a 404.
I don't think I can find some working request because everything returns a 404.
If you want to reproduce the bug with your test, use instead:
mkdir /tmp/aaa # but leave it empty mkdir /dev/shm/bbb echo bbb > /dev/shm/bbb/index.txt
server.port = 32644
server.document-root = "/tmp/aaa"
$HTTP["host"] == "munin.example.com" {
server.document-root = "/dev/shm/bbb"
}
| lighttpd.log (9.75 KB) lighttpd.log |
RE: Alls page and subdomain returns 404 with 1.4.60 - Added by gstrauss over 3 years ago
Ah. It does not work with 5 digit port numbers, but smaller is ok. I was not including the ':' in the count and had tested with port 8080, then changed to 32644 in the post above (to match what you had posted). [Note: re-edited back to 8080 above]
--- a/src/configfile-glue.c
+++ b/src/configfile-glue.c
@@ -521,7 +521,7 @@ static cond_result_t config_check_cond_nocache(request_st * const r, const data_
/*(r->uri.authority lowercased during request parsing)*/
if (llen && llen != dlen) {
match ^= ((llen > dlen)
- ? l->ptr[dlen] == ':' && llen - dlen <= 5
+ ? l->ptr[dlen] == ':' && llen - dlen <= 6
: dc->string.ptr[(dlen = llen)] == ':')
&& 0 == memcmp(l->ptr, dc->string.ptr, dlen);
break;
RE: [Solved] Alls page and subdomain returns 404 with 1.4.60 - Added by zebul66 over 3 years ago
yes. confirming that the patch fixes the issue.