I recently installed an SSL certificate to secure our phpmyadmin login and data, since it is on the public internet. This worked fine, but after successfully logging in over HTTPS this message appears in a pink box:
Error in Processing Request
Error code: 403
Error text: Forbidden
It cannot be clicked away and nothing else works; the only option is to log out again. At the same time, Apache starts logging a flood of 403 errors for /phpmyadmin/error_report.php?ajax_request=true in the access log:
123.xxx.22.170 - - [10/Jun/2015:11:47:26 +0800] "POST /phpmyadmin/db_structure.php?ajax_request=1&favorite_table=1&sync_favorite_tables=1&token=-censored- HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
123.xxx.22.170 - - [10/Jun/2015:11:47:26 +0800] "GET /phpmyadmin/error_report.php?ajax_request=true&server=1&token=-censored-&get_settings=true&exception_type=js&_nocache=1433908072362921249 HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
123.xxx.22.170 - - [10/Jun/2015:11:47:27 +0800] "GET /phpmyadmin/error_report.php?ajax_request=true&server=1&token=-censored-&get_settings=true&exception_type=js&_nocache=143390807256911515 HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
....etc
My Apache config for the directory looks like this:
<Directory /var/www/www.--censored--.org/>
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
Using Ubuntu 14.04 LTS with manually installed phpmyadmin 4.4.7, Apache 2.4.7 and PHP 5.5.9, SSL certificate from Comodo SSL.
Very grateful for any help, all I have been able to find so far are recommendations to set allow from all, which I have done, or suggestions that AJAX and SSL are incompatible. Since phpmyadmin is completely based on AJAX, does this mean that it is impossible to run over HTTPS?
Thanks!
Related
In our Apache HTTP logs, we see two GET requests for a single PDF file: (notice the exact same time stamp)
For the first request the server returns status code 200 and for the second it returns code 302.
[05/Jul/2022:07:39:22 -0400] "GET /collections/collection_2020/eccc/En4-419-3-2020-eng.pdf HTTP/1.1" 200 1281326 "https://publications.gc.ca/site/archivee-archived.html?url=https://publications.gc.ca/collections/collection_2020/eccc/En4-419-3-2020-eng.pdf" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
[05/Jul/2022:07:39:22 -0400] "GET /collections/collection_2020/eccc/En4-419-3-2020-eng.pdf HTTP/1.1" 302 325 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
In the past we have seen the browser trying to do chunking for large PDFs, so we set "Accept-Ranges" to none. So we don't understand why we are seeing two requests for a single PDF.
<LocationMatch "\.pdf$">
Header set "Accept-Ranges" "none"
</LocationMatch>
I am running an OpenClinica install on my webserver and experience the following problem on Google Chrome only:
I access the landing page
I log into the root (or any other) account
On the logged in overview, I click any link (eg. list all patients)
I get logged out and thrown back to the landing page
This happens only on Google Chrome. Here are the relevant entries from the access.log - can anyone make sense of these? I don't have any knowledge of HTTP status codes.
[03/Sep/2019:13:29:09 +0200] "POST /OpenClinica/j_spring_security_check HTTP/1.1" 302 328 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/favicon.ico HTTP/1.1" 304 177 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/MainMenu HTTP/1.1" 200 8269 "http://my-url.com/OpenClinica/favicon.ico" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /favicon.ico HTTP/1.1" 302 421 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /OpenClinica/pages/login/login;jsessionid=EA92FE865CF5345428D7538D18871D99 HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
Click on List all patients
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/ListStudySubjects HTTP/1.1" 302 272 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /favicon.ico HTTP/1.1" 302 422 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login;jsessionid=9625D469100D1871538197FE241DECCB HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/RssReader HTTP/1.1" 200 757 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
Now I do have some whacky redirect rules, which I think are the root cause of the problem. They were written as a fix to a different problem - when logging in to the system, instead of regularly looking at the favicon, the browser (any browser) would attempt to OPEN the favicon.ico as a picture, leading to, depending on the browser, a 404 page or the favicon being opened as a picture full screen. Here are the redirect rules:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName www.my-url.com
ProxyPreserveHost On
ProxyPass /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/
ProxyPassReverse /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/
ProxyPass /OpenClinica/ http://localhost:8080/OpenClinica/
ProxyPassReverse /OpenClinica/ http://localhost:8080/OpenClinica/
ProxyPass / http://localhost:8080/OpenClinica/
ProxyPassReverse / http://localhost:8080/OpenClinica/
</VirtualHost>
I have not used this specific application. As I see it, if you log in while on / and you receive a cookie that is for /OpenClinica/, then clicking on a relative link (that will keep you on /) would prevent the browser from re-sending the received cookie to the server.
I would replace the last 2 entries with something like:
RedirectMatch ^/$ /OpenClinica/
I did not exactly understand the issue with favicon but maybe you want to apply the same rule there.
Note: For RedirectMatch to work, mod_alias should be enabled.
Another thing: I see ProxyPreserveHost enabled. This means that OpenClinica should be aware of its external host name.
So that server is listening to port :80, but those proxy rules are all on port :8080 ... while I merely wonder why you need to configure proxy rules on localhost?
Just drop all of them and ignore the favicon issue meanwhile... the jsessionid being passed along with the URL rather hints at the server not handling the session properly, because such an ID usually belongs in the request headers; putting it into the URL is the fallback option (because anyone who can see the logs can hijack these sessions while in progress... no need for a password). With HTTPS it's not that bad, but on HTTP this is also visible in eventual proxy logs.
Honestly, I don't think this is a Chrome problem, but rather the vhost configuration and/or sessions problem.
It seems to stem from the vhost not having a DocumentRoot directive - and so it will inherit the global configuration, which seems to be one level above /OpenClinica.
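The remark above about session IDs ending up in URLs can be checked against an access log. This is an added example, not part of the original posts: it lists every ;jsessionid= value that reached the log through the request target or the Referer, counts distinct IDs, and redacts them before a log is shared. The sample lines, host name and IDs are constructed, and the regular expressions are assumptions about the log format.

```python
import re

# Request target, status and Referer of an Apache "combined"-style entry.
ENTRY = re.compile(
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')
# Servlet containers append the session ID as a path parameter.
SESSION = re.compile(r'(;jsessionid=)([0-9A-Za-z.\-]+)', re.I)

def find_session_ids(lines):
    """Return (line_number, field, session_id) for each ID written to the log."""
    hits = []
    for number, line in enumerate(lines, 1):
        entry = ENTRY.search(line)
        if not entry:
            continue
        for field in ("target", "referer"):
            for _, sid in SESSION.findall(entry.group(field)):
                hits.append((number, field, sid))
    return hits

def distinct_sessions(lines):
    """Several IDs from one client within seconds means the session is not sticking."""
    return len({sid for _, _, sid in find_session_ids(lines)})

def redact(line):
    """Strip the ID value so the log line can be stored or shared."""
    return SESSION.sub(r'\1[REDACTED]', line)

# Constructed sample entries (not taken from the page).
SAMPLE = [
    '[03/Sep/2019:13:29:09 +0200] "POST /app/j_spring_security_check HTTP/1.1" 302 328 '
    '"http://example.test/app/login;jsessionid=AAAA1111BBBB2222" "UA"',
    '[03/Sep/2019:13:29:10 +0200] "GET /app/login;jsessionid=CCCC3333DDDD4444 HTTP/1.1" '
    '200 4770 "http://example.test/app/MainMenu" "UA"',
    '[03/Sep/2019:13:29:12 +0200] "GET /app/List HTTP/1.1" 302 272 '
    '"http://example.test/app/MainMenu" "UA"',
]

if __name__ == "__main__":
    for number, field, sid in find_session_ids(SAMPLE):
        print(f"line {number}: session ID in {field} ({sid[:4]}...)")
    print("distinct session IDs:", distinct_sessions(SAMPLE))
    print(redact(SAMPLE[0]))
```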
I have spent a lifetime trying to configure SSL for Dropwizard.
What I do is start the Dropwizard application with the java -jar command in my console.
Note: I am working on Windows right now, but I am planning to deploy the solution on Linux afterwards.
When I start my application, all works fine:
INFO [2018-10-16 16:23:26,739] org.eclipse.jetty.server.handler.ContextHandler: Started i.d.j.MutableServletContextHandler@24dc150c{/,null,AVAILABLE}
INFO [2018-10-16 16:23:26,759] org.eclipse.jetty.server.AbstractConnector: Started application@20231384{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
INFO [2018-10-16 16:23:26,762] org.eclipse.jetty.server.AbstractConnector: Started admin@3ba97962{HTTP/1.1,[http/1.1]}{0.0.0.0:8081}
INFO [2018-10-16 16:23:26,762] org.eclipse.jetty.server.Server: Started @3071ms
When I send a normal request from my browser or my Android client, the server shows me this:
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:25 +0000] "GET /robots.txt HTTP/1.1" 404 43 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 69
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:25 +0000] "GET / HTTP/1.1" 404 43 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 69
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:30 +0000] "GET /robots.txt HTTP/1.1" 404 242 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 8
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:30 +0000] "GET / HTTP/1.1" 200 553 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 4
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:31 +0000] "GET /favicon.ico HTTP/1.1" 404 243 "http://localhost:8081/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 1
But I have another client which is configured to work with SSL (and it's the main client; the others are just for testing).
When I send the same request over HTTPS, this is what happens:
WARN [2018-10-16 16:32:29,216] org.eclipse.jetty.http.HttpParser: Illegal character 0x16 in state=START for buffer HeapByteBuffer@12404fb3[p=1,l=517,c=8192,r=516]={\x16<<<\x03\x01\x02\x00\x01\x00\x01\xFc\x03\x036\xD2T\xFd5\xF9\xCd...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
Googling this error, I gather that it is a problem with my server: it is not prepared to communicate over SSL.
So how can I work with SSL, or configure SSL on Jetty?
I fixed this by adding the https params under the server area in the yml config file,
but I got some errors on the SSL handshake, so I fixed that by creating the keystore.
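The byte 0x16 in the Jetty warning is the first byte of a TLS handshake record, which is what a plain-HTTP connector sees when a client speaks HTTPS to it. This is an added example, not from the original post: it decodes the 11 leading bytes printed in the warning above; the function and constant names are assumptions.

```python
# TLS record content types and the two hello handshake types.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ",
                b"DELETE ", b"OPTIONS ", b"PATCH ")

def version_name(major, minor):
    names = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
    return names.get((major, minor), f"unknown {major}.{minor}")

def classify(buf):
    """Say what protocol the first bytes of a connection belong to."""
    if buf.startswith(HTTP_METHODS):
        return {"protocol": "http"}
    if len(buf) < 5 or buf[0] not in CONTENT_TYPES or buf[1] != 3:
        return {"protocol": "unknown"}
    info = {
        "protocol": "tls",
        "record_type": CONTENT_TYPES[buf[0]],
        # Record-layer version; clients commonly send an old value here.
        "record_version": version_name(buf[1], buf[2]),
        "record_length": int.from_bytes(buf[3:5], "big"),
    }
    if buf[0] == 22 and len(buf) >= 11:
        info["handshake_type"] = HANDSHAKE_TYPES.get(buf[5], f"type {buf[5]}")
        info["handshake_length"] = int.from_bytes(buf[6:9], "big")
        # Version field inside the hello message itself.
        info["hello_version"] = version_name(buf[9], buf[10])
    return info

# First bytes of the buffer shown in the Jetty warning:
# \x16 \x03\x01 \x02\x00 | \x01 \x00\x01\xFc | \x03\x03
JETTY_PREFIX = bytes.fromhex("1603010200" "010001fc" "0303")

if __name__ == "__main__":
    info = classify(JETTY_PREFIX)
    print(info)
    # 5-byte record header + 512-byte body = 517, the l=517 in the warning.
    print("bytes on the wire:", 5 + info["record_length"])
```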
I am having a problem with Apache randomly returning a blank page. It happens several times a day without any rhyme or reason. When this happens, the Apache access log indicates a 301 redirect to the same page which returns a 200 and no content, 0 bytes returned. Reloading the page works normally returning a 200 with content.
xxx.xxx.xxx.xxx - - [05/Apr/2018:09:52:43 -0400] "GET /administrator HTTP/1.1" 301 255 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/yyy.yyy.yyy.yyy Safari/537.36"
xxx.xxx.xxx.xxx - - [05/Apr/2018:09:52:43 -0400] "GET /administrator/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/yyy.yyy.yyy.yyy Safari/537.36"
xxx.xxx.xxx.xxx - - [05/Apr/2018:09:52:47 -0400] "GET /administrator/ HTTP/1.1" 200 1937 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/yyy.yyy.yyy.yyy Safari/537.36"
This is also a Joomla installation, but looking at the log I'm not sure how that would have any bearing. It also doesn't matter what page, it happens with random pages as well.
For approximately one month I have been accumulating a lot of entries like the ones listed below in the Apache2 log file on my server. I have spent several days trying to find out if this is really a hack in the server and how to really interpret these kinds of entries. I would like to ask for your help to clarify whether this is an attack and, if it is, where to search for the intruder script or file within the server. The referer changes quite frequently, but the requested resources are usually the same, mainly dumped SQL files.
127.0.0.1 - - [01/May/2017:13:05:39 -0500] "GET /sql.sql HTTP/1.1" 404 460 "e5755.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
127.0.0.1 - - [01/May/2017:13:05:43 -0500] "GET /db.zip HTTP/1.1" 404 459 "e5755.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
127.0.0.1 - - [01/May/2017:13:05:52 -0500] "GET /db.tar.gz HTTP/1.1" 404 470 "smbexperience.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
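One way to triage entries like these is to separate requests for dump or archive file names from normal traffic and check whether any of them was actually served rather than answered with 404. This is an added example, not part of the original question: the sample lines are constructed, and the extension list and the function name are assumptions.

```python
import re
from collections import Counter

# Apache "combined" log format: client, request line, status, size, Referer.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')
# Assumed heuristic: file names that look like database dumps or site archives.
DUMP = re.compile(r'/[^/?]*\.(?:sql|zip|tar\.gz|tgz|gz|bak|7z|rar)(?:\?|$)', re.I)

def summarize_probes(lines):
    """Group dump-file requests by status and list any that were served."""
    by_status, referers, served = Counter(), Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m or not DUMP.search(m["path"]):
            continue
        status = int(m["status"])
        by_status[status] += 1
        referers[m["referer"]] += 1
        if status in (200, 206):
            # A 2xx answer means a matching file exists in the web root.
            served.append(m["path"])
    return {"by_status": dict(by_status),
            "referers": dict(referers),
            "served": served}

# Constructed sample entries (addresses and hosts are documentation values).
SAMPLE = [
    '192.0.2.10 - - [01/May/2017:13:05:39 -0500] "GET /sql.sql HTTP/1.1" 404 460 "probe.example" "UA"',
    '192.0.2.10 - - [01/May/2017:13:05:43 -0500] "GET /db.zip HTTP/1.1" 404 459 "probe.example" "UA"',
    '192.0.2.10 - - [01/May/2017:13:05:52 -0500] "GET /backup.tar.gz HTTP/1.1" 200 1048576 "other.example" "UA"',
    '192.0.2.10 - - [01/May/2017:13:06:01 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "UA"',
]

if __name__ == "__main__":
    report = summarize_probes(SAMPLE)
    print("dump-file requests by status:", report["by_status"])
    print("referers seen:", report["referers"])
    print("served (investigate and remove from web root):", report["served"])
```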