bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)
https://www.bunkerweb.io
GNU Affero General Public License v3.0

[BUG] Get empty page after reload page with challenge #866

Closed flexstat closed 7 months ago

flexstat commented 10 months ago

What happened?

Hello, dear developers, I found this behavior, possibly a bug. I'm using BunkerWeb version 1.5.5 with docker-compose.yml.

I bring up the configuration and go to the page with the challenge in the browser (for example, captcha or hcaptcha). The page loads and the system offers to complete the challenge, but if I just stay on this page for some time, for example 6 minutes, and then refresh it, I get an empty answer.

And, accordingly, a blank page without anything.

I see this warning in the browser console:

That page is loaded in Quirks mode. This may affect the page layout. For Standards mode use "<!DOCTYPE html>".

How to reproduce?

You can reproduce the same error without waiting 6 - 10 minutes. For example, you can start the bunker, wait until everything is loaded, go to the host in the browser and see the challenge page. After I reloaded the bunker, I went to the challenge page, reloaded the page and saw a blank response and a blank page. If I reload the page again, then the challenge page loads correctly.

Configuration file(s) (yaml or .env)

version: "3"

services:
  mybunker:
    image: bunkerity/bunkerweb:1.5.5
    ports:
      - 80:8080
      - 443:8443
    environment:
      - USE_ANTIBOT=captcha
      - API_WHITELIST_IP=127.0.0.0/8 15.20.30.0/24
      - SERVE_FILES=no
      - USE_CLIENT_CACHE=yes
      - USE_REVERSE_PROXY=yes
      - REVERSE_PROXY_URL=/
      - REVERSE_PROXY_HOST=http://app
      - |
        CUSTOM_CONF_HTTP_upstream.conf=
        upstream app {
          server ${SERVER_1}:80;
        }
      - USE_GZIP=yes
      - USE_BLACKLIST=no
      - USE_DNSBL=no
      - USE_BAD_BEHAVIOR=no
      - USE_MODSECURITY=no
      - USE_BUNKERNET=no

    labels:
      - "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.5
    depends_on:
      - mybunker
    environment:
      - DOCKER_HOST=tcp://bw-docker-proxy:2375
    volumes:
      - ./bw-data:/data
    networks:
      - bw-universe
      - bw-docker

  bw-docker-proxy:
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - LOG_LEVEL=warning
    networks:
      - bw-docker

  app1:
    image: tutum/hello-world
    networks:
      - bw-services

  app2:
    image: tutum/hello-world
    networks:
      - bw-services

volumes:
  bw-data:

networks:
  bw-services:
  bw-universe:
    ipam:
      driver: default
      config:
        - subnet: 15.20.30.0/24
  bw-docker:

Relevant log output

mybunker_1 | 2024/01/15 14:45:51 [notice] 82#82: *454 [ACCESS] antibot returned status 0 : displaying challenge to client, client: 5.255.100.26, server: www.example.com, request: "GET /challenge HTTP/1.1", host: "172.0.0.1"
mybunker_1 | 2024/01/15 14:45:51 [error] 82#82: *454 [HEADER] antibot:header() failed : /usr/share/bunkerweb/core/antibot/antibot.lua:109: attempt to concatenate field 'nonce_style' (a nil value), client: 5.255.100.26, server: www.example.com, request: "GET /challenge HTTP/1.1", host: "172.0.0.1"
mybunker_1 | 172.0.0.1 6.155.0.40 - - [15/Jan/2024:14:45:51 +0000] "GET /challenge HTTP/1.1" 200 31 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv: 121.0) Gecko/20100101 Firefox/121.0"

BunkerWeb version

1.5.5

What integration are you using?

Docker

Linux distribution (if applicable)

No response


LeVraiRoiDHyrule commented 9 months ago

Hi, I am having what I think is the same issue. I have the same behaviour, with the following logs:

https://paste.hostux.net/?b359019559166365#7FdGdy4ZvU4nG8urZjLbfWoRcFHvYyoJ6ch1TfKMWBz9

I have repeating

2024/02/13 22:35:45 [notice] 756#756: *139 [ACCESS] antibot redirect to /challenge : redirecting client to the challenge uri, client: 2a02:aa13:8241:1300:2847:b45d:3d69:77d3, server: auth.mydomain.com, request: "GET /ui/console/co.76882952b77ef725.svg HTTP/2.0", host: "auth.mydomain.com"
auth.mydomain.com 2a02:aa13:8241:1300:2847:b45d:3d69:77d3 - - [13/Feb/2024:22:35:45 +0100] "GET /ui/console/co.76882952b77ef725.svg HTTP/2.0" 302 138 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"

And then

2024/02/13 22:35:45 [error] 756#756: *139 [HEADER] antibot:header() failed : /usr/share/bunkerweb/core/antibot/antibot.lua:109: attempt to concatenate field 'nonce_style' (a nil value), client: 2a02:aa13:8241:1300:2847:b45d:3d69:77d3, server: auth.mydomain.com, request: "GET /challenge HTTP/2.0", host: "auth.mydomain.com"

I don't get why antibot would interfere with my service. Thanks in advance for any answer
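For operators who want to spot this failure in their own logs, the following is an added example, not part of the thread and not BunkerWeb code: it extracts `[HEADER]` Lua nil-concatenation errors from error-log lines in the format quoted above and counts them per server. The function names and the sample lines (documentation addresses, `example.com` hosts) are constructed for illustration.

```python
import re
from collections import Counter

# Error-log entry in the format quoted in this issue; .search() tolerates a
# docker-compose "container | " prefix, and "*" before the connection id is
# optional because some renderers strip it.
ENTRY = re.compile(
    r'(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] '
    r'\d+#\d+: ?\*?(?P<conn>\d+) \[(?P<phase>[A-Z]+)\] (?P<msg>.*?)'
    r', client: (?P<client>[^,]+), server: (?P<server>[^,]+), '
    r'request: "(?P<request>[^"]*)"'
)
# Lua runtime error raised inside a plugin's phase handler.
LUA_NIL = re.compile(
    r"(?P<plugin>\w+):(?P<func>\w+)\(\) failed : (?P<file>\S+\.lua):(?P<line>\d+): "
    r"attempt to concatenate field '(?P<field>\w+)' \(a nil value\)"
)

def header_failures(lines):
    """Return one record per [HEADER]-phase nil-concatenation error."""
    found = []
    for raw in lines:
        entry = ENTRY.search(raw)
        if not entry or entry["level"] != "error" or entry["phase"] != "HEADER":
            continue
        err = LUA_NIL.search(entry["msg"])
        if err:
            found.append({**entry.groupdict(), **err.groupdict()})
    return found

def summarize(lines):
    """Count failures per (server, plugin, lua file:line, nil field)."""
    return Counter(
        (f["server"], f["plugin"], f"{f['file']}:{f['line']}", f["field"])
        for f in header_failures(lines)
    )

# Constructed sample lines, modelled on the log format quoted in this issue.
LUA = "/usr/share/bunkerweb/core/antibot/antibot.lua:109"
NIL = f"antibot:header() failed : {LUA}: attempt to concatenate field 'nonce_style' (a nil value)"
SAMPLE = [
    'bw_1 | 2024/01/15 14:45:51 [notice] 82#82: *454 [ACCESS] antibot returned status 0 : displaying challenge to client, client: 192.0.2.10, server: www.example.com, request: "GET /challenge HTTP/1.1", host: "www.example.com"',
    f'bw_1 | 2024/01/15 14:45:51 [error] 82#82: *454 [HEADER] {NIL}, client: 192.0.2.10, server: www.example.com, request: "GET /challenge HTTP/1.1", host: "www.example.com"',
    'bw_1 | 192.0.2.10 - - [15/Jan/2024:14:45:51 +0000] "GET /challenge HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    f'2024/02/13 22:35:45 [error] 756#756: *139 [HEADER] {NIL}, client: 2001:db8::77d3, server: auth.example.com, request: "GET /challenge HTTP/2.0", host: "auth.example.com"',
    f'bw_1 | 2024/01/15 14:52:03 [error] 82#82:460 [HEADER] {NIL}, client: 192.0.2.11, server: www.example.com, request: "GET /challenge HTTP/1.1", host: "www.example.com"',
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```

A non-zero count for a server means challenge responses on that server were sent while the plugin's header handler was erroring.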

TheophileDiot commented 9 months ago

Hi @LeVraiRoiDHyrule, this will be fixed in the next release :smile:

fl0ppy-d1sk commented 7 months ago

Hello @flexstat and @LeVraiRoiDHyrule,

Fix should be available on the testing version, more info here: https://docs.bunkerweb.io/testing/

Don't hesitate to test it and tell us if everything is ok!

fl0ppy-d1sk commented 7 months ago

Hello @flexstat @LeVraiRoiDHyrule,

Fix is now available in the v1.5.6 release. Thanks for your feedback!