unable to use a sub path for misp url behind proxy

[Quyrean]

Work environment

Questions	Answers
Type of issue	Bug
OS version (server)	Red Hat Enterprise Linux Server release 7.7 (Maipo)
OS version (client)	MacOS mojave v10.14.4
PHP version	PHP 7.2.24 (cli) (built: Oct 30 2019 04:12:25) ( NTS )
MISP version / git hash	MISP 2.4.117 I don't know the hash
Browser	firefox 72.0.1(64-bit)

Expected behavior

My misp is located at something like:

https://testproxy.com/misp/

(login page is https://testproxy.com/misp/users/login)

the browser redirect back after login is incorrect and all the css, js, and other redirects are missing the "/misp" part. I have set the base url to "https://testproxy.com/misp/"

this appears to be like https://github.com/MISP/MISP/issues/1431 If you would like to report a bug, please fill the template bellow

Expected behavior: the redirect goes to "https://testproxy.com/misp/users/login?%2Fusers%2Flogin=". or something similar. The css and js files are pointing to the correct url and show up.

Actual behavior

the browser redirect back after login is incorrect and all the css, js, and other redirects are missing the "/misp" part. I have set the base url to "https://testproxy.com/misp/"

none of the css shows up either.

Steps to reproduce the behavior

setup a proxy to redirect misp to xxx.com/another-path try to login

Logs, screenshots, configuration dump, ...

screen shot of login page

full html for page Users - MISP.txt

some examples: <form action="//users/login?%2Fusers%2Flogin=" id="UserLoginForm" method="post" accept-charset="utf-8"><div style="display:none;"><input type="hidden" name="_method" value="POST"/><input type="hidden" name="data[_Token][key]" value="7f7d19a6b53de0db615fb90964eb078f81bdf39ea76513e09dea697a5c322a0f73304fe12f7f6c1e8a9db7667a4fa4c595d1f201bac986210babd39525bb979d" id="Token612394077" autocomplete="off"/></div> <legend>Login</legend>

<link rel="stylesheet" type="text/css" href="/css/bootstrap.css"/><link rel="stylesheet" type="text/css" href="/css/bootstrap-datepicker.css"/><link rel="stylesheet" type="text/css" href="/css/bootstrap-colorpicker.css"/><link rel="stylesheet" type="text/css" href="/css/famfamfam-flags.css"/><link rel="stylesheet" type="text/css" href="/css/font-awesome.css"/><link rel="stylesheet" type="text/css" href="/css/jquery-ui.css"/><link rel="stylesheet" type="text/css" href="/css/chosen.min.css"/><link rel="stylesheet" type="text/css" href="/css/main.css"/><link rel="stylesheet" type="text/css" href="/css/print.css" media="print"/><script type="text/javascript" src="/js/jquery.js"></script><script type="text/javascript" src="/js/misp-touch.js"></script><script type="text/javascript" src="/js/jquery-ui.js"></script><script type="text/javascript" src="/js/chosen.jquery.min.js"></script><link href="/favicon.ico" type="image/x-icon" rel="icon"/><link href="/favicon.ico" type="image/x-icon" rel="shortcut icon"/>

Thanks for all your hard work.

[annetteshajan]

@Quyrean @SteveClement Any fix for this?

[be-mot]

Hello,

I seem to be running into the same issue with a virgin Ubuntu 20.04.2 and a virgin install of MISP 2.4.148 . Setting the Base URL to include a subpath breaks the loading of js, css, img and others. I see in the logs that CakePHP gives "missing JsController, missing ImgController" etc which seems to be indicative of an error with the rewriting on Apache level but haven't figured out yet exactly what is wrong, from what I can tell the .htaccess files haven't changed in ages and this worked before (I have another instance with MISP 2.4.129 where it's working as expected)

I'll keep searching, let me know if you have ideas on where to dig ! Thanks in advance !