Nginx: unsafe URI detected while sending response

现象:# 类似 <!--#include virtual="../library/header.html"--><div id="blog"> html语法无法解析,导致网站头部尾部不能正常展示

<!--#include virtual="library/header.html"--> 可以解析没有问题

# 代码片段
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel="shortcut icon" href="http://blog.chinasoft.com/static/favicon.ico" />
<title>Influencer Marketing Tips</title>
<meta name="description" content="Learn more about the helpful influencer marketing tips for your brand, products or business on chinasoft blog center." />
</head>
<body> <!--#include virtual="../library/header.html"--><div id="blog">
<div>
<div class="container py-lg-5" style="max-width:1200px">
<div class="bg-light rounded py-4 px-5 mx-auto"> 网站头部不能加载影响美观 [root@eus_mp_web01:/data/www/vhosts/blog.chinasoft.com/httpdocs/influencer-marketing-tips]# tail -f /data/www/logs/nginx_log/error/blog.com_error.log
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * open() "/data/www/vhosts/blog.chinasoft.com/httpdocs/static/favicon.ico" failed (: No such file or directory), client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /static/favicon.ico HTTP/1.1", host: "blog.chinasoft.com", referrer: "https://blog.chinasoft.com/influencer-marketing-tips/"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com" // :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com" 关于Nginx的SSI(包含路径)
如果shtml里面的网页代码包含语句写成如下:
<!--#include virtual="/test.html"-->
这样是没有问题,可以包含的,但是如果写成这样: <!--#include virtual="../test.html"-->
由于需要包含当前代码文件所在目录路径的上级目录文件,nginx会为此请求产生的子请求uri为/../test.html,默认nginx会认为这个uri并不是安全的,日志(error_log)会输入如下错误: // :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com" 不能正确包含文件,页面会输出[an error occurred while processing the directive],解决方法是找到nginx源代码目录的unsafe uri检查函数并强制使其返回一个NGX_OK # 解决办法: # 修改源文件tengine-2.2./src/http/ngx_http_parse.c
# 找到ngx_http_parse_unsafe_uri 函数,直接返回 NGX_OK ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
ngx_str_t *args, ngx_uint_t *flags)
{
return NGX_OK; # 新增return NGX_OK;
u_char ch, *p, *src, *dst;
size_t len;
ngx_uint_t quoted; len = uri->len;
p = uri->data;
quoted = ; if (len == || p[] == '?') {
goto unsafe;
} if (p[] == '.' && len > && p[] == '.'
&& (len == || ngx_path_separator(p[])))
{
goto unsafe;
} for ( /* void */ ; len; len--) { ch = *p++; if (ch == '%') {
quoted = ;
continue;
} if (usual[ch >> ] & ( << (ch & 0x1f))) {
continue;
} if (ch == '?') {
args->len = len - ;
args->data = p;
uri->len -= len; break;
} # 重新编译即可 ./configure --prefix=/usr/local/tengine-2.2.3_ssi --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2 # make && make install 重新编译以后nginx可以包含上级目录的文件,当然,带来的后果是安全性的下降

tengine无法解析ssi报错 Nginx: unsafe URI detected while sending response的更多相关文章

  1. 【spring boot】spring boot 前台GET请求,传递时间类型的字符串,后台无法解析,报错:Failed to convert from type [java.lang.String] to type [java.util.Date]

    spring boot 前台GET请求,传递时间类型的字符串,后台无法解析,报错:Failed to convert from type [java.lang.String] to type [jav ...

  2. golang解析json报错:invalid character '\x00' after top-level value

    golang解析json报错:invalid character '\x00' after top-level value 手动复制字符串:{"files":["c:/t ...

  3. Nginx配置SSL报错 nginx: [emerg] unknown directive "ssl"

    Nginx配置SSL报错 nginx: [emerg] unknown directive "ssl"     出现如图所示错误,处理办法如下 去nginx解压目录下执行 ./co ...

  4. nginx报错 nginx: [alert] kill(25903, 1) failed (3: No such process)

    当nginx 中报错 时 nginx报错 nginx: [alert] kill(25903, 1) failed (3: No such process) 通过在nginx/sbin,目录下 运行命 ...

  5. cinder-volume报错vmdk2 is reporting problems, not sending heartbeat. Service will appear "down".

    cinder-volume报错vmdk2 is reporting problems, not sending heartbeat. Service will appear "down&qu ...

  6. DOM解析XML报错:Content is not allowed in prolog

    报错内容为: Content is not allowed in prolog. Nested exception: Content is not allowed in prolog. 网上所述总结来 ...

  7. freemarker解析模板报错问题

    在确定模板文件代码无误的情况下,导致报错的原因大概有以下原因: 模板文件编码改变了(比如eclipse中的项目部署到tomcat下,而忘记设置tomcat编码就会导致读取模板文件编码不正确,导致程序解 ...

  8. 当html中存在url中如: onclick="toView('参数1')", 参数1是特别字符,如&asop;&quot;' "等时,浏览器解析时会报错。解决方法如文中描述

    解决方案: 自定义标签将字符串转换成unicode编码后输出显示到页面即可 解析原理:解析顺序html  ---url ----javascript---url,由于unicode编码在htm解析阶段 ...

  9. RobotFramework中解析中文报错UnicodeDecodeError

    在RobotFramework中解析一段包含中文的字符串时遇到下面的报错: FAIL : UnicodeDecodeError: 'ascii' codec can't decode byte 0xe ...

随机推荐

  1. SQL进阶系列之0窗口函数

    窗口函数 What's 窗口函数? 窗口函数也称为OLAP(OnLine Analytical Processing)函数,目前MySQL还不支持. 窗口函数的语法 <窗口函数> OVER ...

  2. 《代码敲不队》第九次团队作业:Beta冲刺第2天

    项目 内容 这个作业属于哪个课程 任课教师博客主页链接 这个作业的要求在哪里 作业链接地址 团队名称 代码敲不队 作业学习目标 (1)项目文档的完善与整理:(2)团队项目总结陈述PPT编制:(3)符合 ...

  3. nodejs保存图片至本地

    const request = require("request"); const fs = require("fs"); for(let i = 1; i & ...

  4. 前端学习笔记--js概述与基础语法、变量、数据类型、运算符与表达式

    本篇记录js的概述与基础语法.变量.数据类型.运算符与表达式 1.概述与基础语法 2.变量 举例: 3.数据类型 4.运算符与表达式

  5. vscode beautiful配置

    在工作目录下建立.jsbeautifyrc文件 官方文档 { "brace_style": "none,preserve-inline", "inde ...

  6. 题解 UVa10892

    题目大意 多组数据,每组数据给定一个整数 \(n\),求满足 \(LCM(x,y)=n\) 的不同无序整数对 \((x,y)\) 的数目. 分析 若有 \(LCM(x,y)=n\),则有 \(GCD( ...

  7. js正则验证input输入框有空格时提示直接去除空格

    <input type="text" id="test"/> <input type="button" value=&qu ...

  8. Android平台5+ API提前生效,支持在plusready事件前调用

    ios上plus是一直存在的,不涉及等ready事件.但安卓上还是需要等plus ready.在安卓环境中,通常情况下需要html页面解析完成后才会让5+ API生效,安卓的执行的顺序为: 加载htm ...

  9. 二维$MLE$线段树

    关于二维线段树,ta死了 先来看看两种二维线段树的打法 1.四叉树 然而ta死了,ta是$\Theta (n)$的,加上线段树的常数,$T$飞稳 2.线段树套线段树 我尽量画出来... 图中每个方块是 ...

  10. 交互设计算法基础(3) - Quick Sort

    int pivotIndex, pivot, swapIndex; void swap(int[] arr, int x, int y) { int temp = arr[x]; arr[x] = a ...