Crash for unknown reason #27

ethernidee · 2023-01-31T04:39:12Z

The following simple .htaccess file produces 500 error:

## No directory listings
Options -Indexes

<IfModule autoindex>
  IndexIgnore *
</IfModule>

RewriteEngine On
RewriteBase /

## Begin - Rewrite rules to block out some common exploits ##
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
## End - Rewrite rules to block out some common exploits ##

# Remove trailing backslash from URIs
RewriteCond %{REQUEST_METHOD} =GET
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)\/$ $1 [R=301,L]

## Begin - Core SEF Section ##
#RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
## End - Core SEF Section ##

Error:

*211 lua entry thread aborted: runtime error: /etc/nginx/lua/htaccess.lua:796: bad argument #2 to 'gsub' (string/function/table expected)
stack traceback:
coroutine 0:
  [C]: in function 'gsub'
  /etc/nginx/lua/htaccess.lua:796: in function 'replace_server_vars'
  /etc/nginx/lua/htaccess.lua:1060: in function </etc/nginx/lua/htaccess.lua:1>, client: 0.0.0.0, server: test.com, request: "POST /api/receive-signals HTTP/1.1", host: "test.com"
2023/01/31 04:30:31 [error] 766145#766145: *212 lua entry thread aborted: runtime error: /etc/nginx/lua/htaccess.lua:796: bad argument #2 to 'gsub' (string/function/table expected)
stack traceback:
coroutine 0:
  [C]: in function 'gsub'
  /etc/nginx/lua/htaccess.lua:796: in function 'replace_server_vars'
  /etc/nginx/lua/htaccess.lua:1060: in function </etc/nginx/lua/htaccess.lua:1>, client: 0.0.0.0, server: test.com, request: "GET /admin/panel HTTP/2.0", host: "test.com", referrer: "https://test.com/admin/login"
2023/01/31 04:30:33 [error] 766145#766145: *212 lua entry thread aborted: runtime error: /etc/nginx/lua/htaccess.lua:796: bad argument #2 to 'gsub' (string/function/table expected)
stack traceback:
coroutine 0:
  [C]: in function 'gsub'
  /etc/nginx/lua/htaccess.lua:796: in function 'replace_server_vars'
  /etc/nginx/lua/htaccess.lua:1060: in function </etc/nginx/lua/htaccess.lua:1>, client: 0.0.0.0, server: test.com, request: "GET /favicon.ico HTTP/2.0", host: "test.com", referrer: "https://test.com/admin/panel"

The text was updated successfully, but these errors were encountered:

e404#27

ethernidee · 2023-02-02T23:04:48Z

I would also look at the following code:

elseif svar == 'script_filename' then -- %{SCRIPT_FILENAME}
  replace = ngx.var['fastcgi_script_name']
  
  if not replace or replace == '' then
    replace = ngx.var['request_filename']
  else
    replace = (ngx.var['document_root']..'/'..script_filename):gsub('/+', '/')
  end
  replace = script_filename

Seems like the last line replace = script_filename is odd or condition block should be removed.

rkaiser0324 added a commit to rkaiser0324/htaccess-for-nginx that referenced this issue Jan 31, 2023

fix: handle nil QUERY_STRING variables

b4e87f9

e404#27

rkaiser0324 mentioned this issue Jan 31, 2023

doc: add Docker container for reference #26

Open

rkaiser0324 mentioned this issue May 27, 2023

QSA in RewriteRule only works if there is already a query string in the destination URL #31

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Crash for unknown reason #27

Crash for unknown reason #27

ethernidee commented Jan 31, 2023

ethernidee commented Feb 2, 2023

Crash for unknown reason #27

Crash for unknown reason #27

Comments

ethernidee commented Jan 31, 2023

ethernidee commented Feb 2, 2023