External links blocked by modsecurity #790
Comments
Hi! Thank you for your report. It looks like your report is missing some important sections of your issue template. Please complete it so that we get a better understanding of your setup and the problem to be able to fix the issue. It's okay to omit certain sections where it's obvious that they are irrelevant, but please don't simply ignore almost the full template. Thank you.
@ChristophWurst Sorry, issue is updated.
Which means this line is triggered mail/lib/Controller/ProxyController.php Line 87 in b0569a3
Could you please share the URL (you can remove the domain) of the page that shows the error? I'd be interested in the redirection URL and if it specifies a protocol.
It's for example the "view it on GitHub" link in github mails like
I'm not familiar with modsecurity. Does it rewrite/change the URL? The requested URL looks good.
For debugging purposes it would help to know the value of mail/lib/Controller/ProxyController.php Line 81 in b0569a3
Maybe you can find that out with an error_log statement and checking the php error logs.
I'm also not familiar with modsecurity. I can only provide the description from the plesk UI.
Mode: On
Rule set: Atomic Basic ModSecurity
Configuration: Fast
"Maybe you can find that out with an error_log statement and checking the php error logs."
It seems that $src is empty. I adapted line 87 to: The error message is:
Now it is clear that modsecurity rule ID 340162 removes the value from $src. I tested it without that rule and the src is not empty.
Okay, great that you could verify that. Does that mean this issue is resolved? I don't think this app can do anything about this if an apache module mangles the request.
Maybe a solution/info in the documentation would be great.
Please file a ticket here: https://github.com/nextcloud/documentation to discuss that. Thank you!
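A scoped exclusion for the rule identified in this thread, as an added example that is not part of the original discussion or of the Nextcloud documentation. It assumes Apache with ModSecurity 2.x; `MAIL_PROXY_PATH_REGEX` is a placeholder for the Mail app's redirect endpoint, whose URL is not shown on this page.

```apache
# Added example, not from the thread. Assumes mod_security2 on Apache.
# MAIL_PROXY_PATH_REGEX is a placeholder: replace it with a regex matching the
# Mail app's redirect endpoint as it appears in your own access log.

# Too broad: switches rule 340162 off for every request on the server,
# including unrelated applications that the rule still protects.
# <IfModule security2_module>
#     SecRuleRemoveById 340162
# </IfModule>

# Narrower: the rule stays active everywhere except the one endpoint whose
# "src" query parameter legitimately carries an external URL.
<IfModule security2_module>
    <LocationMatch "MAIL_PROXY_PATH_REGEX">
        SecRuleRemoveById 340162
    </LocationMatch>
</IfModule>

# Alternative (assumption: rule 340162 inspects request arguments, which the
# thread does not show). Keeps the rule on for the endpoint but stops it from
# looking at the "src" argument only. Has no effect if the rule uses other
# targets.
# <IfModule security2_module>
#     SecRuleUpdateTargetById 340162 "!ARGS:src"
# </IfModule>
```

After reloading Apache, repeat the check used in the thread (logging `$src` with `error_log`) to confirm the value now reaches the controller. With the rule excluded, the app's own validation of the redirect URL is the remaining control on that endpoint.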
Steps to reproduce
Expected behaviour
The redirect page should be opened
Actual behaviour
An internal error page is shown
Mail app
Mail app version: 0.7.10
Mailserver or service: same server (dovecot imap)
Number of accounts: 1
Server configuration
Operating system: Linux 3.16.0-042stab125.3 #1 SMP Wed Sep 27 19:27:11 MSK 2017 x86_64
Web server: Apache (fpm-fcgi)
Database: mysql 10.0.32
PHP version: 7.2.2
Modules loaded: Core, date, libxml, openssl, pcre, zlib, bz2, calendar, ctype, hash, filter, ftp, gettext, gmp, SPL, iconv, Reflection, session, standard, SimpleXML, sockets, mbstring, tokenizer, xml, cgi-fcgi, mysqlnd, bcmath, curl, dba, dom, enchant, fileinfo, gd, imagick, imap, intl, json, ldap, exif, mysqli, odbc, PDO, pdo_mysql, PDO_ODBC, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, redis, soap, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, xmlreader, xmlrpc, xmlwriter, xsl, zip, Zend OPcache
Version: 13.0.0 - 13.0.0.14
Updated from an older version or fresh install: updated from owncloud last year to maybe version 10 of nextcloud (not sure anymore)
Where did you install Nextcloud from: nextcloud.com (Nextcloud Server)
List of activated apps:
Enabled:
Disabled:
The content of config/config.php:
Are you using external storage, if yes which one: no
Are you using encryption: yes
Are you using an external user-backend, if yes which one: no
Client configuration
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
Operating system: Windows 10 Pro 1709 (Build 16299.248)
Logs
Web server error log
Server log (data/nextcloud.log)
Nextcloud doesn't log errors into the file in debug mode (I don't know why). Here is the message from the error page, after clicking the link.
Browser log
javascript console log