Prajithp / ApacheBooster

This project has been taken over by Ndimensionz. New and bug free version of Apachebooster can be downloaded from
http://ndimensionz.com/apachebooster

Apache Server Side Include don't parse correctly #38

Closed alehostert closed 10 years ago

alehostert commented 10 years ago

Hey Prajith!

I saw an issue today on a cPanel server with ApacheBooster. One site was using Apache SSI (.shtml).

If site.com/dir/ was accessed, index.shtml was opened and parsed correctly. If site.com/dir/index.shtml was accessed, the file was NOT parsed and showed only a blank page.

Every configuration was okay in Apache and no custom changes were made to the ApacheBooster config files.

After uninstalling ApacheBooster, both accesses work: site.com/dir/ and site.com/dir/index.shtml.

Any idea?

Prajithp commented 10 years ago

Hey Alex,

Can you please send me your test SSI file? Or please try to enable SSI in the corresponding nginx vhost file. Anyway, I will look into this tonight and let you know.

Thanks,

Prajithp commented 10 years ago

Hey,

The ssi option is disabled in nginx by default. You can enable it by adding the following line to the corresponding nginx vhost conf file, inside the location section (please see the example below).

ssi on;

########
location / {
    location ~.*.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot)$ {
        expires 7d;
        try_files $uri @backend;
        ssi on;
    }

Let us know if you are still having the same problem.

alehostert commented 10 years ago

Great Prajith.

Thank you for your answer!

alehostert commented 10 years ago

Hey Prajith.

Your conf tip works. I just put it at the top of the vhost file:

server {
   ssi on;
   access_log off;
   error_log  logs/vhost-error_log
   [...]

But the problem still happens. Not with the SSI, but with includes. Look at this:

<body>
<!--#echo var="REMOTE_ADDR" --> [WORK]
     <div id="top">
        <!--#include virtual="../top.htm"--> [DON'T WORK]
      </div>

<body>
<!--#echo var="REMOTE_ADDR" --> [WORK]
     <div id="top">
        <!--#include virtual="top.htm"--> [WORK]
      </div>

Obviously, the file called top.htm is located in the same dir in the second example.

alehostert commented 10 years ago

And now I found logs :)

2014/04/14 15:57:53 [error] 8948#0: *65958 unsafe URI "/dir/../top.htm" was detected while sending response to client, client: X.X.X.X, server: domain.com, request: "GET /dir/index.shtml HTTP/1.1", host: "www.domain.com"
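
The log line above shows nginx refusing the SSI subrequest because the include target, joined to the page's directory, contains a ".." segment. The following Python sketch is an added example, not part of the thread or of ApacheBooster: it finds such includes in .shtml source and rewrites them as root-relative paths such as `/top.htm`, which contain no ".." segment. The function names are hypothetical, the sample markup is constructed, and the ".." test is a simplified stand-in for nginx's own check.

```python
import re

# The include form used in the thread: <!--#include virtual="..." -->
INCLUDE_RE = re.compile(r'<!--#\s*include\s+virtual="([^"]*)"\s*-->')

def resolve(page_uri, target):
    """URI of the SSI subrequest: a relative target is joined to the page's directory."""
    if target.startswith("/"):
        return target
    return page_uri[: page_uri.rfind("/") + 1] + target

def normalize(uri):
    """Collapse "." and ".." segments; None if the path would climb above "/"."""
    out = []
    for seg in uri.split("/")[1:]:
        if seg == "..":
            if not out:
                return None
            out.pop()
        elif seg != ".":
            out.append(seg)
    return "/" + "/".join(out)

def audit(page_uri, html):
    """(target, root-relative replacement or None) for each include nginx would reject."""
    findings = []
    for m in INCLUDE_RE.finditer(html):
        full = resolve(page_uri, m.group(1))
        # Simplified form of the check behind the "unsafe URI" log line: any ".." segment.
        if ".." in full.split("?", 1)[0].split("/"):
            findings.append((m.group(1), normalize(full)))
    return findings

def rewrite(page_uri, html):
    """Replace fixable includes with root-relative paths; leave the others for review."""
    for target, fixed in audit(page_uri, html):
        if fixed:
            html = html.replace(f'virtual="{target}"', f'virtual="{fixed}"')
    return html

# Constructed sample, modelled on the markup quoted in the thread.
SAMPLE = '''<div id="top"><!--#include virtual="../top.htm"--></div>
<div id="nav"><!--#include virtual="top.htm"--></div>
<div id="foot"><!--#include virtual="../../shared/foot.htm"--></div>'''

if __name__ == "__main__":
    for target, fixed in audit("/dir/index.shtml", SAMPLE):
        print(target, "->", fixed or "climbs above the document root, review by hand")
```

An include that would resolve above the document root is reported with no replacement, so it can be reviewed by hand rather than rewritten automatically.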