p0pr0ck5 / lua-resty-waf

High-performance WAF built on the OpenResty stack
GNU General Public License v3.0

Invalid URL Prefix Error #309

Open xemose opened 6 years ago

xemose commented 6 years ago

Problem: The following error shows up when the waf is executed through waf:exec(). It was working before, but something changed and it now gives out a 500 internal server error.

Error Log:

2018/10/07 20:32:42 [error] 6830#0: *1 invalid URL prefix in "http://", client: 192.168.1.225, server: $http_host, request: "GET / HTTP/1.1", host: "test.beta:8080"

Edit: Found a more concise error log. There is a previous issue for this but there is no solution for it.

2018/10/07 21:29:50 [error] 636#0: *1 lua entry thread aborted: runtime error: /etc/nginx/library/resty/waf/load_ac.lua:76: attempt to call upvalue 'ac_create' (a nil value)
stack traceback:
coroutine 0:
    /etc/nginx/library/resty/waf/load_ac.lua: in function 'create_ac'
    /etc/nginx/library/resty/waf/operators.lua:259: in function </etc/nginx/library/resty/waf/operators.lua:252>
    /etc/nginx/library/resty/waf.lua:297: in function '_process_rule'
    /etc/nginx/library/resty/waf.lua:543: in function 'exec'
    access_by_lua(proxy.conf:29):8: in function <access_by_lua(proxy.conf:29):1>, client: 192.168.1.225, server: $http_host, request: "GET / HTTP/1.1", host: "test.beta:8080", referrer: "http://test.beta:8080/"

Installation Process: Used luarocks

Configuration:

server {
    set $template_location /html;
    listen 192.168.1.232:8080;
    server_name $http_host;

    location / {
        set $backend "";
        default_type text/html;
        access_by_lua_block {
            local template = require "resty.template"
            local ck = require "resty.cookie"
            local lua_resty_waf = require "resty.waf"
            local waf = lua_resty_waf:new()
            waf:set_option("debug", true)
            waf:set_option("mode", "ACTIVE")
            waf:exec()
            local cookie, err = ck:new()
            if not cookie then
                ngx.log(ngx.ERR, err)
                return
            end

            local verify, err = cookie:get("fireball")
            if verify then
                ngx.var.backend = "192.168.1.247"
            else
                template.render("verify.html", { website = ngx.var.host })
            end
        }
        proxy_pass http://$backend;
        proxy_set_header Host $host;
    }
}

p0pr0ck5 commented 6 years ago

Can you paste the debug logs here from when you see a failed request?

xemose commented 6 years ago

If I trigger the WAF on purpose it throws this error:

2018/10/13 16:52:55 [error] 1508#0: *3 lua entry thread aborted: runtime error: /etc/nginx/library/resty/waf/load_ac.lua:76: attempt to call upvalue 'ac_create' (a nil value)
stack traceback:
coroutine 0:
    /etc/nginx/library/resty/waf/load_ac.lua: in function 'create_ac'
    /etc/nginx/library/resty/waf/operators.lua:259: in function </etc/nginx/library/resty/waf/operators.lua:252>
    /etc/nginx/library/resty/waf.lua:297: in function '_process_rule'
    /etc/nginx/library/resty/waf.lua:543: in function 'exec'
    access_by_lua(proxy.conf:39):12: in function <access_by_lua(proxy.conf:39):1>, client: 172.31.98.150, server: _, request: "GET /?ok=%3Cscript%3Ealert(%27hi%27);%3C/script%3E HTTP/1.1", host: "test.beta:8080"

I solved the invalid URL prefix error by executing the WAF at the end of the block. It seems like when the WAF executed at the beginning, it ignored all the code below and tried to do a proxy_pass with a blank variable. It all works fine if the WAF is not triggered, but as soon as it is triggered the 500 error appears. For now I have set the 500 error page to the WAF deny page. But I do need a permanent solution to this; I can't push this into production.

Thank You

p0pr0ck5 commented 6 years ago

It seems lua-resty-waf is not installed correctly. How did you install this?

xemose commented 6 years ago

I used luarocks to install it, using the command below.

luarocks install lua-resty-waf

xemose commented 6 years ago

Can someone help me resolve this issue?

V1og commented 4 years ago

Hello xemose, have you solved this problem?

AlpYilmazz commented 3 years ago

@xemose @V1og This error means the waf module cannot find the lua-aho-corasick library, which should have been installed as libac.so to /usr/local/openresty/site/lualib (check the Makefile). Most probably this step is not the issue; probably the issue is that you should specify the lua_package_cpath "/usr/local/openresty/site/lualib/?.so;;" directive in the nginx conf file.
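
A preflight check for the diagnosis in the last comment, added here as an example and not part of the thread or the lua-resty-waf project: it reads lua_package_cpath from an nginx config and reports whether any listed directory actually contains libac.so, so a missing library is caught before a blocked request turns into a 500. The function names and the temporary demo paths are constructed, and it assumes a double-quoted directive and that the loader looks for libac.so in the directory part of each cpath template.

```shell
#!/bin/sh
# cpath_from_conf FILE: print the value of the first double-quoted
# lua_package_cpath directive in an nginx config (or a saved `nginx -T` dump).
cpath_from_conf() {
    sed -n 's/^[[:space:]]*lua_package_cpath[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# find_libac CPATH: print the first existing <dir>/libac.so among the
# directories of the ';'-separated templates; return 1 if there is none.
# Assumption: the loader probes the directory part of each template.
find_libac() (
    IFS=';'
    set -f                          # templates contain '?': no globbing
    for entry in $1; do
        case $entry in
            */*) dir=${entry%/*} ;;
            *)   continue ;;        # empty field from ";;" or a bare name
        esac
        if [ -f "$dir/libac.so" ]; then
            printf '%s\n' "$dir/libac.so"
            exit 0
        fi
    done
    exit 1
)

# check_conf FILE: 0 = libac.so found, 1 = not reachable, 2 = no directive.
check_conf() {
    cpath=$(cpath_from_conf "$1")
    if [ -z "$cpath" ]; then
        echo "no lua_package_cpath directive in $1" >&2
        return 2
    fi
    find_libac "$cpath" && return 0
    echo "libac.so not reachable via: $cpath" >&2
    return 1
}

# Constructed demo: a throwaway directory stands in for the real install.
tmp=$(mktemp -d)
mkdir -p "$tmp/lualib"
: > "$tmp/lualib/libac.so"
printf 'http {\n    lua_package_cpath "%s/lualib/?.so;;";\n}\n' "$tmp" > "$tmp/nginx.conf"
check_conf "$tmp/nginx.conf"
rm -rf "$tmp"
```

On a real host, call check_conf with the path of the config file that holds the http block; exit status 2 means the directive is absent from that file.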