Project

General

Profile

[UE] (broken) user custom code is working in IE, but not working in Chrome and Edge

Added by pisces over 1 year ago

Hello
Based on the latest 1.4.66 version and embedded Linux system, we developed the lighttpd webserver.
After testing, our web pages is working well in IE browser.
But when using Chrome browser open the home page, it had no response:

am I missing some crucial config ?

thanks.

Our configs are as below:
[2022/9/14 16:03:42] Start lighttpd
[2022/9/14 16:03:42] config-read=/images/data/conf/lighttpd.conf, used=0
[2022/9/14 16:03:42] after assert,fn=/images/data/conf/lighttpd.conf,used=1
[2022/9/14 16:03:42] frank: open configfile=/images/data/conf/lighttpd.conf, cnt=1
[2022/9/14 16:03:42] ret=0
[2022/9/14 16:03:42] Frank:srvconf.h2proto=0
[2022/9/14 16:03:42] [lighttpd] modules dir:/usr/lib
[2022/9/14 16:03:42] config {
[2022/9/14 16:03:42] var.CWD = "/"
[2022/9/14 16:03:42] var.PID = 966
[2022/9/14 16:03:42] var.basedir = "/data"
[2022/9/14 16:03:42] var.log_root = "/data/var/log"
[2022/9/14 16:03:42] var.server_root = "/data/www"
[2022/9/14 16:03:42] var.state_dir = "/data/var/run"
[2022/9/14 16:03:42] var.home_dir = "/data/lib"
[2022/9/14 16:03:42] var.conf_dir = "/data/config"
[2022/9/14 16:03:42] var.vhosts_dir = "/data/www/vhosts"
[2022/9/14 16:03:42] var.cache_dir = "/data/var/cache"
[2022/9/14 16:03:42] var.socket_dir = "/data/lib/sockets"
[2022/9/14 16:03:42] server.modules = (
[2022/9/14 16:03:42] "mod_redirect",
[2022/9/14 16:03:42] "mod_rewrite",
[2022/9/14 16:03:42] "mod_ns4",
[2022/9/14 16:03:42] "mod_setenv",
[2022/9/14 16:03:42] "mod_usertrack",
[2022/9/14 16:03:42] "mod_openssl",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42] server.document-root = "/usr/web"
[2022/9/14 16:03:42] server.feature-flags = (
[2022/9/14 16:03:42] "server.h2proto" => "disable",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42] server.errorlog = "/images/error.log"
[2022/9/14 16:03:42] server.event-handler = "linux-sysepoll"
[2022/9/14 16:03:42] server.max-fds = 2048
[2022/9/14 16:03:42] server.stat-cache-engine = "simple"
[2022/9/14 16:03:42] server.max-connections = 1024
[2022/9/14 16:03:42] server.max-keep-alive-requests = 65535
[2022/9/14 16:03:42] url.rewrite = (
[2022/9/14 16:03:42] "^/$" => "/login.asp",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42] static-file.exclude-extensions = (
[2022/9/14 16:03:42] ".php",
[2022/9/14 16:03:42] ".pl",
[2022/9/14 16:03:42] ".fcgi",
[2022/9/14 16:03:42] ".scgi",
[2022/9/14 16:03:42] ".asp",
[2022/9/14 16:03:42] ".csv",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42] ns4.array = (".asp", ".csv", "/goform/")
[2022/9/14 16:03:42] server.follow-symlink = "enable"
[2022/9/14 16:03:42] server.upload-dirs = ("/data/var/tmp")
[2022/9/14 16:03:42] server.reject-expect-100-with-417 = "disable"
[2022/9/14 16:03:42] server.port = 443
[2022/9/14 16:03:42] ssl.engine = "enable"
[2022/9/14 16:03:42] ssl.pemfile = "/images/data/certs/server.pem"
[2022/9/14 16:03:42] ssl.honor-cipher-order = "enable"
[2022/9/14 16:03:42] ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
[2022/9/14 16:03:42] mimetype.use-xattr = "disable"
[2022/9/14 16:03:42] mimetype.assign = (
[2022/9/14 16:03:42] ".pdf" => "application/pdf",
[2022/9/14 16:03:42] ".sig" => "application/pgp-signature",
[2022/9/14 16:03:42] ".spl" => "application/futuresplash",
[2022/9/14 16:03:42] ".class" => "application/octet-stream",
[2022/9/14 16:03:42] ".ps" => "application/postscript",
[2022/9/14 16:03:42] ".torrent" => "application/x-bittorrent",
[2022/9/14 16:03:42] ".dvi" => "application/x-dvi",
[2022/9/14 16:03:42] ".gz" => "application/x-gzip",
[2022/9/14 16:03:42] ".pac" => "application/x-ns-proxy-autoconfig",
[2022/9/14 16:03:42] ".swf" => "application/x-shockwave-flash",
[2022/9/14 16:03:42] ".tar.gz" => "application/x-tgz",
[2022/9/14 16:03:42] ".tgz" => "application/x-tgz",
[2022/9/14 16:03:42] ".tar" => "application/x-tar",
[2022/9/14 16:03:42] ".zip" => "application/zip",
[2022/9/14 16:03:42] ".mp3" => "audio/mpeg",
[2022/9/14 16:03:42] ".m3u" => "audio/x-mpegurl",
[2022/9/14 16:03:42] ".wma" => "audio/x-ms-wma",
[2022/9/14 16:03:42] ".wax" => "audio/x-ms-wax",
[2022/9/14 16:03:42] ".ogg" => "application/ogg",
[2022/9/14 16:03:42] ".wav" => "audio/x-wav",
[2022/9/14 16:03:42] ".gif" => "image/gif",
[2022/9/14 16:03:42] ".jpg" => "image/jpeg",
[2022/9/14 16:03:42] ".jpeg" => "image/jpeg",
[2022/9/14 16:03:42] ".png" => "image/png",
[2022/9/14 16:03:42] ".xbm" => "image/x-xbitmap",
[2022/9/14 16:03:42] ".xpm" => "image/x-xpixmap",
[2022/9/14 16:03:42] ".xwd" => "image/x-xwindowdump",
[2022/9/14 16:03:42] ".css" => "text/css",
[2022/9/14 16:03:42] ".html" => "text/html",
[2022/9/14 16:03:42] ".htm" => "text/html",
[2022/9/14 16:03:42] ".js" => "text/javascript",
[2022/9/14 16:03:42] ".asc" => "text/plain",
[2022/9/14 16:03:42] ".c" => "text/plain",
[2022/9/14 16:03:42] ".cpp" => "text/plain",
[2022/9/14 16:03:42] ".log" => "text/plain",
[2022/9/14 16:03:42] ".conf" => "text/plain",
[2022/9/14 16:03:42] ".text" => "text/plain",
[2022/9/14 16:03:42] ".txt" => "text/plain",
[2022/9/14 16:03:42] ".spec" => "text/plain",
[2022/9/14 16:03:42] ".dtd" => "text/xml",
[2022/9/14 16:03:42] ".xml" => "text/xml",
[2022/9/14 16:03:42] ".mpeg" => "video/mpeg",
[2022/9/14 16:03:42] ".mpg" => "video/mpeg",
[2022/9/14 16:03:42] ".mov" => "video/quicktime",
[2022/9/14 16:03:42] ".qt" => "video/quicktime",
[2022/9/14 16:03:42] ".avi" => "video/x-msvideo",
[2022/9/14 16:03:42] ".asf" => "video/x-ms-asf",
[2022/9/14 16:03:42] ".asx" => "video/x-ms-asf",
[2022/9/14 16:03:42] ".wmv" => "video/x-ms-wmv",
[2022/9/14 16:03:42] ".bz2" => "application/x-bzip",
[2022/9/14 16:03:42] ".tbz" => "application/x-bzip-compressed-tar",
[2022/9/14 16:03:42] ".tar.bz2" => "application/x-bzip-compressed-tar",
[2022/9/14 16:03:42] ".rpm" => "application/x-rpm",
[2022/9/14 16:03:42] ".json" => "application/json",
[2022/9/14 16:03:42] ".asp" => "text/html",
[2022/9/14 16:03:42] ".csv" => "text/csv",
[2022/9/14 16:03:42] "" => "application/octet-stream",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42]
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] $HTTP["referer"] !~ "\.*secure/networksettings.asp\.*" {
[2022/9/14 16:03:42] # block 1
[2022/9/14 16:03:42]
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] $HTTP["url"] =~ "\.(cer|crt)" {
[2022/9/14 16:03:42] # block 2
[2022/9/14 16:03:42] url.redirect = (
[2022/9/14 16:03:42] "(.*)" => "",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] } # end of $HTTP["url"] =~ "\.(cer|crt)"
[2022/9/14 16:03:42] } # end of $HTTP["referer"] !~ "\.*secure/networksettings.asp\.*"
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] $HTTP["url"] =$ ".pdf" {
[2022/9/14 16:03:42] # block 3
[2022/9/14 16:03:42] server.range-requests = "disable"
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] } # end of $HTTP["url"] =$ ".pdf"
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] $HTTP["scheme"] == "http" {
[2022/9/14 16:03:42] # block 4
[2022/9/14 16:03:42]
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] $HTTP["host"] =~ "(.*)" {
[2022/9/14 16:03:42] # block 5
[2022/9/14 16:03:42] url.redirect = (
[2022/9/14 16:03:42] "^/(.*)" => "https://%1/",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] } # end of $HTTP["host"] =~ "(.*)"
[2022/9/14 16:03:42] } # end of $HTTP["scheme"] "http"
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] $HTTP["scheme"] "https" {
[2022/9/14 16:03:42] # block 6
[2022/9/14 16:03:42] setenv.add-response-header = (
[2022/9/14 16:03:42] "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
[2022/9/14 16:03:42] "X-Frame-Options" => "DENY",
[2022/9/14 16:03:42] "Content-Security-Policy" => "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
[2022/9/14 16:03:42] )
[2022/9/14 16:03:42] usertrack.cookie-attrs = "; Secure; HttpOnly"
[2022/9/14 16:03:42]
[2022/9/14 16:03:42] } # end of $HTTP["scheme"] == "https"
[2022/9/14 16:03:42] }


Replies (6)

RE: lighttpd1.4.66 working in IE, but not working in Chrome and Edge - Added by gstrauss over 1 year ago

am I missing some crucial config ?

Yes, you're missing a lot. If you "troubleshoot" by taking screenshots and posting the absolutely useless say-nothing "friendly" "error messages" from browsers, then you do not know how to troubleshoot. I am not surpised to see .asp pages in your config along with your Windows helplessness.

"mod_ns4" is not an official lighttpd module and must be something custom. Is that the source of your problem?

See lighttpd DebugVariables
What are the request and response headers?
Is there any trace in the lighttpd error log?

When did lighttpd last work for you? Did a prior version work? If so, what changed on your system since then?

RE: lighttpd1.4.66 working in IE, but not working in Chrome and Edge - Added by pisces over 1 year ago

Thanks for you reply!
I found the root cause.

just as the picture, we need to reduce 1 there, otherwise the response header will not be parsed by Chrome browser properly.

Btw, we want to download a prox 3MB upgrading package to our board, downloading to buffer not temp file.
we found the below logs:

r->reqbody_queue.first->mem->used =8193,r->reqbody_length=3413217

the req body length(3413217) is right, but the req body had only received 8193(8192+1) bytes, not malloc enough buffer to store file.

I tried to modify the chunk_buf_sz in chunk.c from 8192 to 15MB, but still not working.the r->reqbody_queue.first->mem->used is still 8193.

why I need to modify to make the lighttd to receive large size file to buffer ?
Thanks.

RE: [UE] lighttpd1.4.66 working in IE, but not working in Chrome and Edge - Added by gstrauss over 1 year ago

The code you have posted is not from the official lighttpd source code.

I presume it is your poorly written mod_ns4. I say poorly written since it does not follow the most basic programming practices that lighttpd has now followed for over 7 years. In most cases, (buffer *) used and size members are not access directly. You would not have had this issue if the code used BUF_PTR_LEN(mime) instead of mime->ptr, mime->used-1. Your previous code should also be broken on every previous version of lighttpd since you or your peer developer modified the code to use http_header_response_set() with an incorrect length argument (mime->used).

Btw, we want to download a prox 3MB upgrading package to our board, downloading to buffer not temp file.

You have not explained why lighttpd's default behavior is unwanted. You also have not read lighttpd's documentation which provides multiple configuration options for temp file handling without you needing to write custom code.

I tried to modify the chunk_buf_sz in chunk.c from 8192 to 15MB, but still not working.the r->reqbody_queue.first->mem->used is still 8193.
why I need to modify to make the lighttd to receive large size file to buffer ?

RTFM. Configuration: Options server.chunkqueue-chunk-sz
Why are you trying to modify lighttpd's code? You are not very good at it.

RE: [UE] (broken) user custom code is working in IE, but not working in Chrome and Edge - Added by pisces over 1 year ago

Thanks your quick reply.
sure, I am a new webserver developer. Our webserver was based on 1.4.35 which was developed many years ago by my peer who had gone.

Now we want to upgrade it to latest version.
I had config server.chunkqueue-chunk-sz ="8388608" (8MB) in lighttpd.conf file.

after I download a prox 3.4MB file into board, this file failed to buffer to mem.
I found the below logs:

r->reqbody_queue.first->mem->used =16356,r->reqbody_length=3413223

3413223 is our length of file, but the used is wrong, not malloc enough mem for store the content of our file.

any ideas here ? may I miss some configs ?
Thanks.

RE: [UE] (broken) user custom code is working in IE, but not working in Chrome and Edge - Added by gstrauss over 1 year ago

Whatever was done for lighttpd 1.4.35 probably no longer needs to be done with lighttpd 1.4.67.
You should try to understand why your peer wrote mod_ns4 and then determine if what you need to do can be done without custom code.
I have encountered many uses of lighttpd on embedded systems, and a simple CGI script is frequently used to handle firmware uploads.

As http_header_response_set() did not exist in lighttpd 1.4.35, it is likely that you are the one who introduced that bug.

.

In various places in the code, lighttpd spills to temporary files for data exceeding 64k and 128k. If you need to store the request body completely in memory, then you should allocate that memory yourself and should consume from r->reqbody_queue, allowing r->reqbody_queue memory to be reused.

If you are unable to do what you need to do in a CGI script (and you really should try), then you might ask your boss send an RFP to me describing the work, and to pay me to do it. However, I am not going to do your work for you. Your boss should re-evaluate why you were assigned this project and why your company is still using lighttpd 1.4.35 (released Mar 2014) with known security issues. Perhaps it would be easier to upgrade lighttpd if you were not using a (probably) unnecessary custom C module.

RE: [UE] (broken) user custom code is working in IE, but not working in Chrome and Edge - Added by pisces over 1 year ago

Hi gstrauss,

Thanks for your advices. For CGI script, we will consider it in the future.
Now I tried to download the 3MB file into temp file not memory.
After downloading, I found the below logs:
reqbody_query=/images/lighttpd-upload-fBdVwo
But in my board, in the path: /images I didn't find this lighttpd-upload-fBdVwo file.
and also have no error logs output. it's very strange.

The above is my config.

    (1-6/6)