NGINX: different logs for two different websocket connections - ssl

We have two clients, one javascript and one C++. The C++ is using libwebsockets. Both of them try to connect via secure websockets (wss) to our websocket server via port 7000, that is sitting behind an NGINX server. When the javascript client connects, the connection is successful and in the NGINX 7000 port logs, this shows:
[04/May/2018:12:25:30 +0000] "GET / HTTP/1.1" 101 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36"
However, when trying to connect with the C++ client, the connection fails and the logs show
[04/May/2018:10:59:40 +0000] "GET / HTTP/1.1" 400 5 "-" "-"
Why is it throwing a 400 instead of a 101 in the second case? We are not sure how to debug this. This is what we use in the websocket client
ws->init("wss://echo.websocket.org:7000", nullptr, "your CA root file path");
The client just says Connection Failed. We tried inspecting data with wireshark and enabling more logs in the NGINX server but we can't figure it out. What can it be about? Could it be because of miss-matched SSL/TLS versions?

Turns out the the client's library was not actually including the port number in the request, even when it's included in the connection URL. So either configuring NGINX to handle this specific case or making the library include the port in the request, solves the probem.

Related

Proxy is ignored for localhost in docker selenium version: 3.141.59-zinc

Description:
I have upgraded docker selenium version to 3.141.59-zinc (from 3.141.59-europium), it started failing the acceptance test due to header info (set through proxy server) not found at server side. If I change image from zinc to europium - all works fine.
Log trace with 3.141.59-europium:
Remote address of request printed at server side: 127.0.0.1
Headers: {accept-language=en-US,en;q=0.9, host=localhost:39868, upgrade-insecure-requests=1, user=123456789, accept-encoding=gzip, deflate, br, user-agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36,
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8, via=1.1 browsermobproxy}
Log trace with 3.141.59-zinc :
Remote address of request printed at server side: 0:0:0:0:0:0:0:1
Headers: {sec-fetch-mode=navigate, sec-fetch-site=none, accept-language=en-US,en;q=0.9, host=localhost:42365, upgrade-insecure-requests=1, connection=keep-alive, sec-fetch-user=?1, accept-encoding=gzip, deflate, br, user-agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36, accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9}
To Reproduce
Create Proxy object with host and port.
Set proxy in webdriver capabilities.
DesiredCapabilities cap = DesiredCapabilities.chrome();
cap.setCapability(CapabilityType.PROXY, proxy);
Set Proxy header
proxyServer.addHeader("user", "123456789");
Access application
driver.get("http://localhost:/welcome")
Check for proxy header "user", it should be 123456789
Expected behaviour
I am setting header with user=123456789, which is not getting passed if using webdriver 3.141.59-zinc. If I manually call url using URLConnection with proxy - Its working (So no issue in proxy server).
And also If I use ip address instead of localhost, its working fine (proxy header available in request at server). So I guess, its ignoring proxy for localhost in the new version of webdriver 3.141.59-zinc. I also tried with setting noProxy with null/"" but it did not work.
Environment
OS: Oracle Linux Server release 7.5
Docker-Selenium image version: 3.141.59-zinc
Docker version: 17.06.2-ol
Note: Using standalone chrome in headless mode

Apache cgi script invoked from browser but not embedded device

I am working on a project that involves two embedded devices, let's call them A and B. Device A is the controller and B is being controlled. My goal is to make an emulator for device B, i.e., something that acts like B so A thinks it's controlling B but in reality, it is controlling my own emulator. I don't control or can change A.
Control occurs via the controller posting GET commands invoking various cgi scripts so the plan is to install apache on "my" device, setup CGI and replicate the various scripts. I am running apache version 2.4.18 on Ubuntu 16.04.5 and have configured Apache2 so it successfully runs the various scripts depending on the URL. As an example, one of the scripts is called 'man_session' and a typical URL issued by device A looks like this: http://192.168.0.14/cgi-bin/man_session?command=get&page=122
I have build a C/C++ program named 'man_session' and have successfully configured Apache to invoke my script when this URL is submitted. I can see this based on the apache log:
192.168.0.2 - - [24/Jan/2019:14:38:38 +0000] "GET /cgi-bin/man_session?command=get&page=122 HTTP/1.1" 200 206 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
Also, my script writes to stderr and I can see the output in the log file:
[Thu Jan 24 14:46:10.850123 2019] [cgi:error] [pid 23346:tid 4071617584] [client 192.168.0.2:62339] AH01215: Received man_session command 'command=get&page=122': /home/pi/cgi-bin/man_session
So far so good. The problem I am having is that the script does not get invoked when device A makes the request, only when I make the request via a browser (both Chrome and Internet Explorer work) or curl. The browsers run on my Windows PC and curl runs on the embedded device "B" itself.
When I turn on device A, I can see the URL activity on the log but the script does not get invoked. Below is a log entry showing the URL but which that does not invoke the 'man_session' script. It shows a code of 400 which according to the HTTP specification is an error "due to malformed syntax". Other differences are the missing referrer and user-agent information and http 1.0 vs http 1.1, but I don't see why these would matter.
192.168.0.9 - - [24/Jan/2019:14:38:12 +0000] "GET /cgi-bin/man_session?command=get&page=7 HTTP/1.0" 400 0 "-" "-"
Note that device A is 192.168.0.9 and my PC is 192.168.0.2. What am I missing here, why doesn't the above URL invoke the script as when issued by the browser? Is there any place where I can get more information about why the code 400 occurs in this case?
After a lot of back and forth, I finally figured out the issue. Steps taken:
Increased log level to debug (instead of the default 'warn' in apache2.conf
This caused the following error message to show up in the log
[Sat Jan 26 02:47:56.974353 2019] [core:debug] [pid 15603:tid 4109366320] vhost.c(794): [client 192.168.0.9:61001] AH02415: [strict] Invalid host name '192.168.000.014'
After a bit of research, added the following line to the apache2.conf file
HttpProtocolOptions Unsafe
This fixed it and the scripts are now called as expected.

Xampp slow response with WIZ107

I want to send data from an Atmega32 to a Laravel site, for this i got a WIZ107 convertor which is set to auto connect to the Laravel site on port 80.
Atmega--(HTTP)-->WIZ107--(HTTP)-->Server
The problem is the slow response time from server, almost all the time is 5 seconds. Accessed from the browser the delay is no more. I am running on XAMPP v3.2.2
How can I get rid of this delay?
This is the function which sends the HTTP request
void http_send_get(char *code, char *code_source, char *turnistle_id)
{
usart_putstring("GET ");
usart_putstring(HTTP_SERVER_PHP_SCRIPT_LOCATION);
usart_putstring("?code=");
usart_putstring(code);
usart_putstring("&source=");
usart_putstring(code_source);
usart_putstring("&turnistle_id=");
usart_putstring(turnistle_id);
usart_putstring(" HTTP/1.1\r\n");
usart_putstring("Accept: text/html,application/xhtml+xml,application/xml;q=0.8\r\n");
usart_putstring("Accept-Encoding: gzip, deflate\r\n");
usart_putstring("Accept-Language: ro-RO,ro;q=0.8,en-US;q=0.6,en-GB;q=0.4,en;q=0.2\r\n");
usart_putstring("Connection: keep-alive\r\n");
usart_putstring("Host: 192.168.1.7\r\n");
usart_putstring("Upgrade-Insecure-Requests: 1\r\n");
usart_putstring("User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:48.0) Gecko/20100101 Firefox/48.0\")\r\n");
usart_putstring("\r\n");
usart_putc(0x10);
}

Websocket Not working with Some ISP's

Not sure why I am getting this issue, But My Websocket Connection works on specific ISP while fails on others. I know it sounds absurd but it is happening. My websocket connection works on Two ISP while fails on one. I am using Wildfly Application Server serving the WS Connection and Apache WebServer for proxy forwarding.
Here is the detail of my Request/Response,
General
Request URL:ws://example.com/chat/3
Request Method:GET
Status Code:101 Switching Protocols
Response Headers
Connection:Upgrade
Content-Length:0
Date:Fri, 13 May 2016 13:09:11 GMT
Origin:http://example.com
Sec-WebSocket-Accept:pPjTLv5Dz+/vyjY/SkeMihaXDd0=
Sec-WebSocket-Location:ws://example.com/chat/3
Server:WildFly/9
Upgrade:WebSocket
X-Powered-By:Undertow/1
Request Headers
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Cookie:mp_c4f10660603c33a8e9307b70e6767539_mixpanel=%7B%22distinct_id%22%3A%20%2215210855b11180-0ffdda567-1821170c-d37aa-15210855b123f2%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D; mf_user=a60cd2cdcfc41836645d949f71ee3127; intercom-id=d1af89ac-9d55-4fef-8a17-3848d8ef0fce; wooTracker=VQf16pMBx4Pu; _ga=GA1.2.544774749.1447732319; JSESSIONID=z4a1hBpQJQz4YCsLivHRRFf8b0dzYzBsT_4PLadB.ip-172-30-0-20; mf_154095de-56ef-4099-9976-f9a298cf0677=8438220eda64d856436d798ca0b9188a|05132367e34aabbf7bcce5b1e8811235b0bd15d4|1463144963483||19|
Host:example.com
Origin:http://example.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:94OH1SxHvszgJO6Rg31WGA==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
However, When I tried testing some of the Demo Sites like http://websocket.org/echo.html they are working as expected.
The only difference I found between those connections was header on response from the server Upgrade:websocket whereas my server is returning Upgrade:WebSocket as part of the response. However, I believe that the header are case insensitive and it shouldn't be the issue.
Also, Is it possible to rewrite the Header value for the Response using apache header mod?

Apache logs showing strange ^# characters ? What does this mean ?

My apache logs are always interrupted by strange characters :
84.196.205.238, 172.23.20.177, 172.23.20.177 - - [05/May/2015:11:48:15 +0200] 0 www.sudinfo.be "GET /sites/default/files/imagecache/pagallery_450x300/552495393_google_street_view HTTP/1.1" 200 32620 "http://www.sudinfo.be/247263/article/culture/medias/2011-11-23/google-street-view-en%C2%A0belgique-comment-trouver-votre-maison" "Mozilla/5.0 (Linux; U; Android 4.2.2; nl-be; GT-P3110 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30"
^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#^#efault/files/imagecache/pagallery_450x300/2015/01/13/1554554859_B974505865Z.1_20150113094316_000_GVR3PDRHQ.1-0.jpg HTTP/1.1" 200 26033 "http://www.bing.com/images/search?q=leonardo+dicaprio+Met+gala&id=06B1C7410D6458C6A698AC09F3F8C6B7915BFFDE&FORM=IQFRBA" "Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53"
Do you have any idea what can be the cause of this ?
If your web server is externally accessible then this is probably an artifact from an attempt to hack your server
ISTR ^# is how apache logs a "NULL" zero byte. These are used to pad attacks such as buffer overflow
You may like to look at counter measures such as mod_security
https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-Frequently-Asked-Questions-%28FAQ%29
I hope it is obvious that a full patched server and application stack is more likely to be able to withstand random attack attempts like this
Ok finally found out what the problem was. My log files are written on a Network filesystem and my bash client just had problems to read it because of the network.
False alarm, everything still safe. Thanks for the help.