Nginx: unsafe URI detected while sending response

# Symptom: an include written as <!--#include virtual="../library/header.html"--><div id="blog"> is not parsed, so the site header and footer are not displayed properly.

<!--#include virtual="library/header.html"--> parses without any problem.

# Code snippet
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel="shortcut icon" href="http://blog.chinasoft.com/static/favicon.ico" />
<title>Influencer Marketing Tips</title>
<meta name="description" content="Learn more about the helpful influencer marketing tips for your brand, products or business on chinasoft blog center." />
</head>
<body> <!--#include virtual="../library/header.html"--><div id="blog">
<div>
<div class="container py-lg-5" style="max-width:1200px">
<div class="bg-light rounded py-4 px-5 mx-auto">

The site header does not load, which spoils the page's appearance. The nginx error log shows why:

[root@eus_mp_web01:/data/www/vhosts/blog.chinasoft.com/httpdocs/influencer-marketing-tips]# tail -f /data/www/logs/nginx_log/error/blog.com_error.log
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
// :: [error] #: * open() "/data/www/vhosts/blog.chinasoft.com/httpdocs/static/favicon.ico" failed (: No such file or directory), client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /static/favicon.ico HTTP/1.1", host: "blog.chinasoft.com", referrer: "https://blog.chinasoft.com/influencer-marketing-tips/"
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
(the same two "unsafe URI" lines for header.html and footer.html repeat on every request of the page)

About Nginx SSI (include paths)
If the include statement in the shtml page is written like this:
<!--#include virtual="/test.html"-->
there is no problem and the file is included. But if it is written like this:
<!--#include virtual="../test.html"-->
the include has to reach a file in the parent of the directory holding the current page, so the subrequest URI nginx generates for it is /../test.html. By default nginx considers such a URI unsafe and writes an error like the following to the error_log:
// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"
The file is not included and the page prints [an error occurred while processing the directive]. The fix is to locate the unsafe-URI check function in the nginx source tree and force it to return NGX_OK.

# Solution:
# Edit the source file tengine-2.2./src/http/ngx_http_parse.c
# Find the ngx_http_parse_unsafe_uri function and make it return NGX_OK immediately:

ngx_int_t
ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
    ngx_str_t *args, ngx_uint_t *flags)
{
    return NGX_OK; /* added line: return NGX_OK unconditionally, so none of the checks below ever run */

    u_char      ch, *p, *src, *dst;
    size_t      len;
    ngx_uint_t  quoted;

    len = uri->len;
    p = uri->data;
    quoted = 0;

    /* empty URI, or a URI that is only a query string */
    if (len == 0 || p[0] == '?') {
        goto unsafe;
    }

    /* leading ".." or "../" */
    if (p[0] == '.' && len > 1 && p[1] == '.'
        && (len == 2 || ngx_path_separator(p[2])))
    {
        goto unsafe;
    }

    for ( /* void */ ; len; len--) {
        ch = *p++;

        if (ch == '%') {
            quoted = 1;
            continue;
        }

        /* fast path: characters that can never be part of an unsafe sequence */
        if (usual[ch >> 5] & (1U << (ch & 0x1f))) {
            continue;
        }

        /* split off the query string; it is not checked further */
        if (ch == '?') {
            args->len = len - 1;
            args->data = p;
            uri->len -= len;
            break;
        }
        /* ... the remainder of the function is unchanged (cut off in the original post) */

# Then rebuild:
./configure --prefix=/usr/local/tengine-2.2.3_ssi --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2
# make && make install

After rebuilding, nginx can include files from the parent directory; the price, of course, is reduced security.
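As an added illustration (not code from this post or from nginx), the standalone C function below re-implements the dot-segment checks that ngx_http_parse_unsafe_uri applies to an SSI subrequest URI, so the include paths from this page can be tested directly. It assumes Unix-style '/' separators and leaves out nginx's "usual" character bitmap and its percent-decoding pass.

```c
#include <stddef.h>
#include <string.h>

/* Constructed re-implementation of the dot-segment checks nginx applies to
 * SSI subrequest URIs (assumption: mirrors the excerpt above; nginx's
 * "usual" bitmap fast path and the percent-decoding pass are left out).
 * Returns 1 when nginx would log "unsafe URI" and refuse the include,
 * 0 when it would serve it. Everything after the first '?' is the query
 * string and is not subject to the dot-segment check. */
int unsafe_uri(const char *uri, size_t len)
{
    const unsigned char *p = (const unsigned char *) uri;
    size_t i;

    /* empty URI, or one that is nothing but a query string */
    if (len == 0 || p[0] == '?') {
        return 1;
    }
    /* leading ".." or "../" would climb out of the document root */
    if (p[0] == '.' && len > 1 && p[1] == '.'
        && (len == 2 || p[2] == '/'))
    {
        return 1;
    }
    for (i = 0; i < len; i++) {
        unsigned char ch = p[i];
        size_t rest = len - i;            /* bytes from ch to the end */

        if (ch == '?') {                  /* start of args: stop scanning */
            return 0;
        }
        if (ch == '\0') {                 /* embedded NUL byte */
            return 1;
        }
        /* "/../" inside the path, or "/.." at its very end */
        if (ch == '/' && rest > 2 && p[i + 1] == '.' && p[i + 2] == '.'
            && (rest == 3 || p[i + 3] == '/'))
        {
            return 1;
        }
    }
    return 0;
}

/* Same check for a NUL-terminated string, e.g. an SSI include path. */
int unsafe_uri_str(const char *uri)
{
    return unsafe_uri(uri, strlen(uri));
}
```

Run over the paths from this post, it accepts /library/header.html and rejects /influencer-marketing-tips/../library/header.html. Writing the include as a root-relative path (virtual="/library/header.html", the form the post shows working) keeps the header loading without removing the check from nginx.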
