teamhephy / router

MIT License

Modsecurity blocking deis cli tool #35

Closed Cryptophobia closed 5 years ago

Cryptophobia commented 5 years ago

This seems to be a problem when enabling the Modsecurity module in the nginx router. Seems to be blocking the /v2 route.

When the nginx router has modsecurity disabled:

$ deis apps:list
=== Apps
blah
www
slacking
webster

Router logs:

2018/10/16 15:02:12 INFO: Router configuration has changed in k8s.
2018/10/16 15:02:12 INFO: Reloading nginx...
2018/10/16 15:02:12 INFO: nginx reloaded.
[2018-10-16T15:02:24+00:00] - deis/deis-controller - 88.96.5.3 - - - 200 - "GET /v2/apps/?limit=100 HTTP/1.1" - 913 - "-" - "Deis Client v2.13.0" - "deis.testingdomain.com" - 99.123.555.343:80 - deis.testingdomain.com - 0.023 - 0.023

When the nginx router has modsecurity enabled:

$ deis apps:list
Error: Unknown Error (400): error decoding json response (invalid character '<' looking for beginning of value): <html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx</center>
</body>
</html>

Router logs:

2018/10/16 14:53:52 INFO: Router configuration has changed in k8s.
2018/10/16 14:53:52 INFO: Reloading nginx...
2018/10/16 14:53:53 INFO: nginx reloaded.
[2018-10-16T14:54:07+00:00] - deis/deis-controller - 88.96.5.3 - - - 400 - "GET /v2/apps/?limit=100 HTTP/1.1" - 356 - "-" - "Deis Client v2.13.0" - "deis.testingdomain.com" - - - deis.testingdomain.com - - - 0.000
[2018-10-16T14:54:27+00:00] - deis/deis-controller - 88.96.5.3 - - - 301 - "GET /v2/ HTTP/1.1" - 371 - "-" - "Deis Client v2.13.0" - "deis.testingdomain.com" - - - deis.testingdomain.com - - - 0.000
[2018-10-16T14:54:28+00:00] - deis/deis-controller - 88.96.5.3 - - - 401 - "GET /v2/ HTTP/1.1" - 449 - "http://deis.testingdomain.com/v2/" - "Go-http-client/1.1" - "deis.testingdomain.com" - 99.123.555.343:80 - deis.testingdomain.com - 0.006 - 0.006
[2018-10-16T14:54:30+00:00] - deis/deis-controller - 88.96.5.3 - - - 301 - "POST /v2/auth/login/ HTTP/1.1" - 382 - "-" - "Deis Client v2.13.0" - "deis.testingdomain.com" - - - deis.testingdomain.com - - - 0.206
[2018-10-16T14:54:36+00:00] - deis/deis-controller - 88.96.5.3 - - - 401 - "GET /v2/ HTTP/1.1" - 449 - "-" - "Deis Client v2.13.0" - "deis.testingdomain.com" - 99.123.555.343:80 - deis.testingdomain.com - 0.005 - 0.005

In /var/log/modsec_audit.log:

---buUdnFqx---F--
HTTP/1.1 400
Server: nginx
Date: Tue, 16 Oct 2018 15:12:46 GMT
Content-Length: 166
Content-Type: text/html
Connection: close
Strict-Transport-Security: max-age=15552000

---buUdnFqx---H--
ModSecurity: Access denied with code 400 (phase 2). Matched "Operator `Eq' with parameter `0' against variable `REQBODY_ERROR' (Value: `1' ) [file "/opt/router/conf/modsecurity.conf"] [line "44"] [id "200002"] [rev ""] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: premature EOF\x0a"] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "88.96.5.3"] [uri "/v2/apps/"] [unique_id "153970276610.273144"] [ref "v223,1"]
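Added example (not code from the issue or from teamhephy/router): a small Python triage helper that parses the audit-log "H" line and the router access-log line quoted above and pairs them. It assumes the " - " separated access-log layout seen in these logs, and it treats a rule 200002 (REQBODY_ERROR) hit on a GET as a rule-tuning candidate, on the reading that the body parser ran on an empty body, which is an inference from the logged "premature EOF" rather than something the issue states.

```python
import re

# Constructed samples, copied from this issue: a ModSecurity v3 audit-log "H" line
# (tag list shortened) and the router access-log lines for the blocked and the
# successful GET /v2/apps/ request.
MODSEC_H = ('ModSecurity: Access denied with code 400 (phase 2). Matched "Operator `Eq\' '
            'with parameter `0\' against variable `REQBODY_ERROR\' (Value: `1\' ) '
            '[file "/opt/router/conf/modsecurity.conf"] [line "44"] [id "200002"] '
            '[msg "Failed to parse request body."] '
            '[data "JSON parsing error: parse error: premature EOF\\x0a"] '
            '[severity "2"] [hostname "88.96.5.3"] [uri "/v2/apps/"]')
ROUTER_400 = ('[2018-10-16T14:54:07+00:00] - deis/deis-controller - 88.96.5.3 - - - 400 - '
              '"GET /v2/apps/?limit=100 HTTP/1.1" - 356 - "-" - "Deis Client v2.13.0" - '
              '"deis.testingdomain.com" - - - deis.testingdomain.com - - - 0.000')
ROUTER_200 = ('[2018-10-16T15:02:24+00:00] - deis/deis-controller - 88.96.5.3 - - - 200 - '
              '"GET /v2/apps/?limit=100 HTTP/1.1" - 913 - "-" - "Deis Client v2.13.0" - '
              '"deis.testingdomain.com" - 99.123.555.343:80 - deis.testingdomain.com - 0.023 - 0.023')

TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
BODYLESS = {"GET", "HEAD", "OPTIONS"}                      # methods that normally carry no body

def parse_modsec_h(line):
    """Return the bracketed tags of an audit-log H line plus the denial status code."""
    tags = dict(TAG_RE.findall(line))
    code = re.search(r"denied with code (\d+)", line)
    tags["code"] = code.group(1) if code else ""
    return tags

def parse_router_line(line):
    """Parse the router's ' - ' separated access-log format as seen in this issue."""
    f = line.split(" - ")
    method, target, _ = f[5].strip('"').split(" ", 2)
    return {"ts": f[0].strip("[]"), "client": f[2], "status": int(f[4]),
            "method": method, "path": target.split("?", 1)[0],
            "ua": f[8].strip('"'), "upstream": f[10]}

def triage(h_line, router_line):
    """Pair an H line with an access-log line and classify the block."""
    ev, req = parse_modsec_h(h_line), parse_router_line(router_line)
    if ev.get("uri") != req["path"] or int(ev["code"]) != req["status"]:
        return "no-match"
    # A 400 with no upstream address means nginx rejected it before proxying.
    if req["upstream"] != "-":
        return "no-match"
    if ev.get("id") == "200002" and req["method"] in BODYLESS:
        # REQBODY_ERROR on a body-less method: the body parser ran on an empty body.
        return "tuning-candidate"
    return "review"
```

A "tuning-candidate" verdict is a prompt to check the rule or the client's request headers before treating the block as hostile traffic.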