Login forbidden&errors ...

Solved Technical Support
  • Just don't install Naxsi 👍

    Dear friends,

    I have a problem with my NodeBB installation. After switching to a new server I can't log in anymore. Error: Forbidden

    Debian 8.0 x64
    nginx 1.9.4
    npm 3.3.4
    redis 2.8.17
    node 0.10.29

    My nginx Configuration:

    server {
        # Plain-HTTP entry point for the site name: every request is sent to the
        # HTTPS vhost with a permanent redirect that keeps the original URI.
        listen      80 default_server;
        server_name sondorsforum.com;
        return      301 https://sondorsforum.com$request_uri;
    }
    
    server {
        # Requests arriving on port 80 with the bare IP address as Host are
        # refused with 503 rather than redirected or proxied.
        listen      80;
        server_name 5.189.143.37;
        return      503;
    }
    
    server {
        # Same refusal for the bare IP address on port 443. This server carries no
        # certificate of its own; NOTE(review): it presumably relies on the TLS
        # setup of the default_server vhost on the same port — confirm with
        # `nginx -t` and a direct-by-IP request.
        listen      443;
        server_name 5.189.143.37;
        return      503;
    }
    
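    server {
        # Public HTTPS vhost for sondorsforum.com. nginx terminates TLS here and
        # `location /` proxies to the NodeBB process on port 4567, with the naxsi
        # WAF rules included in that location. `default_server` is the current
        # spelling of the legacy `default` listen flag used in the original.
        # `spdy` is valid for nginx 1.9.4; later releases dropped it for http2.
        listen 443 ssl spdy default_server deferred;
        server_name sondorsforum.com;

        location / {
            # naxsi WAF. Per the accepted answer this include is what produces the
            # "Forbidden" error: the error log below shows rule 11 (unknown
            # content-type, BODY zone) and rule 1315 (double encoding, Cookie
            # header) matching /socket.io/ polling requests.
            include /etc/nginx/naxsi.rules;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # The original set Host twice ($http_host, then $host); for ordinary
            # browser requests to this vhost both resolve to sondorsforum.com, so a
            # single directive suffices.
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            # TLS ends at nginx, so pass the client-facing scheme to the backend
            # (harmless if NodeBB does not read it).
            proxy_set_header X-Forwarded-Proto $scheme;

            # 0.0.0.0 as a *connect* address appears to work only because Linux
            # maps it to the local host; name the loopback address explicitly.
            proxy_pass http://127.0.0.1:4567/;
            proxy_redirect off;

            # Socket.IO support (WebSocket upgrade)
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        # --- TLS ------------------------------------------------------------
        ssl_certificate     ssl/sondorsforum.com.pem;
        ssl_certificate_key ssl/sondorsforum.com.key;
        #ssl_trusted_certificate ssl/trustedbundle.pem;
        ssl_dhparam         ssl/dh.pem;
        ssl_ecdh_curve      secp384r1;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_session_tickets off;
        # Kept as in the original; TLSv1 and TLSv1.1 are deprecated and can be
        # dropped once no legacy clients need them.
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        #ssl_stapling on;
        #ssl_stapling_verify on;
        #resolver 8.8.8.8 8.8.4.4 valid=300s;
        #resolver_timeout 5s;

        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

        # --- Response headers -----------------------------------------------
        # add_header is only inherited by a location that declares no add_header
        # of its own, so the hardening headers are repeated in the two cache
        # locations at the bottom of this block.
        # HSTS - uncomment if you have a valid SSL certificate
        #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header X-Frame-Options DENY;
        add_header Alternate-Protocol  443:npn-spdy/2;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

        # --- ngx_pagespeed ---------------------------------------------------
        pagespeed on;
        pagespeed FetchHttps enable,allow_self_signed;
        pagespeed FileCachePath /var/lib/nginx/nps_cache;
        pagespeed RewriteLevel PassThrough;
        pagespeed EnableFilters collapse_whitespace;
        pagespeed EnableFilters canonicalize_javascript_libraries;
        pagespeed EnableFilters combine_css;
        pagespeed EnableFilters combine_javascript;
        pagespeed EnableFilters elide_attributes;
        pagespeed EnableFilters extend_cache;
        pagespeed EnableFilters flatten_css_imports;
        pagespeed CssFlattenMaxBytes 5120;
        pagespeed EnableFilters lazyload_images;
        pagespeed EnableFilters rewrite_javascript;
        pagespeed EnableFilters rewrite_images;
        pagespeed EnableFilters insert_dns_prefetch;
        pagespeed EnableFilters prioritize_critical_css;

        # This will correctly rewrite your subresources with https:// URLs and thus avoid mixed content warnings.
        # Note, that you should only enable this option if you are behind a load-balancer that will set this header,
        # otherwise your users will be able to set the protocol PageSpeed uses to interpret the request.
        #
        # NOTE(review): no load balancer is visible in this configuration (nginx
        # terminates TLS itself), so the caveat above applies and the header can
        # be supplied by the client. Keep this only if something in front of
        # nginx sets X-Forwarded-Proto; otherwise turn it off.
        pagespeed RespectXForwardedProto on;

        # Inert on its own: nginx only consults the password file where an
        # `auth_basic` directive is also set (none is visible in this server
        # unless one comes from sites-custom).
        auth_basic_user_file htpasswd/.htpasswd;

        # Extra per-site config. Any location blocks defined in these files are
        # declared here, between `location /` and the regex locations below, so
        # the include must stay at this position.
        include /etc/nginx/sites-custom/*.conf;

        # No `root` is set in this server, so try_files resolves against nginx's
        # compiled-in default root. On a NodeBB host this location is most likely
        # unused; removing it would stop exposing php-fpm through this vhost.
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
            fastcgi_intercept_errors on;
            fastcgi_ignore_client_abort off;
            fastcgi_buffers 256 16k;
            fastcgi_buffer_size 128k;
            fastcgi_connect_timeout 3s;
            fastcgi_send_timeout 120s;
            fastcgi_read_timeout 120s;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
        }

        # Refuse (403) any path segment that starts with a dot (.git, .htpasswd, ...).
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Uncomment, if you need to remove index.php from the
        # URL. Useful if you use Codeigniter, Zendframework, etc.
        # or just need to remove the index.php
        #
        #location / {
        #   try_files $uri $uri/ /index.php?$args;
        #}

        # Cache-busting asset URLs: /name.123.css -> /name.css.
        # NOTE(review): this location has neither proxy_pass nor root, so
        # matching paths are served from nginx's default root rather than by
        # NodeBB unless sites-custom provides one; confirm the forum's CSS and
        # JS actually load through it.
        location ~* ^.+\.(css|js)$ {
            rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
            expires 30d;
            access_log off;
            log_not_found off;
            add_header Pragma public;
            add_header Cache-Control "max-age=2592000, public";
            # Repeated here because the server-level add_header directives are
            # not inherited once a location sets its own.
            add_header X-Frame-Options DENY;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
        }

        # Same caveat as the css/js location above: no proxy_pass or root here.
        location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
            expires 30d;
            access_log off;
            log_not_found off;
            add_header Pragma public;
            add_header Cache-Control "max-age=2592000, public";
            # Repeated here because the server-level add_header directives are
            # not inherited once a location sets its own.
            add_header X-Frame-Options DENY;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
        }

    }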
    

    My naxsi.rules file, in case it is needed:

    # naxsi per-location settings, included from `location /` of the HTTPS
    # server above. LearningMode makes naxsi log matches (learning=1 in the
    # NAXSI_FMT lines below) instead of enforcing them.
    # NOTE(review): the log still reports block=1 and the user sees Forbidden;
    # confirm how naxsi 0.54 (vers=0.54 in the log) handles a blocked request in
    # learning mode when no location serves the DeniedUrl.
    LearningMode;
    SecRulesEnabled;
    # Internal redirect target for denied requests. No `location /RequestDenied`
    # exists in the server block above, so such a request presumably falls
    # through to `location /` and is proxied to NodeBB.
    DeniedUrl "/RequestDenied";
    
    # Rules
    # A request is flagged once the named counter, accumulated over every
    # matching core rule (and every match of it), reaches the threshold.
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    
    

    naxsi_core.rules

    # naxsi core rule set as shipped with the module (the log below reports
    # vers=0.54). Each MainRule adds its "s:" score to the named counter when
    # its pattern matches in one of the listed zones ("mz:"); the CheckRule
    # lines in naxsi.rules decide when the accumulated counters block a request.
    # Rules seen matching /socket.io/ traffic in the error log below:
    #   id 11   (internal) unknown content-type, BODY zone
    #   id 1315 double encoding, Cookie header
    #   id 1005, 1010, 1011 mysql keyword / parenthesis, Cookie header
    ##################################
    ## INTERNAL RULES IDS:1-999     ##
    ##################################
    #@MainRule "msg:weird request, unable to parse" id:1;
    #@MainRule "msg:request too big, stored on disk and not parsed" id:2;
    #@MainRule "msg:invalid hex encoding, null bytes" id:10;
    # id 11 is the one reported as zone0=BODY&id0=11 for the socket.io POSTs below.
    #@MainRule "msg:unknown content-type" id:11;
    #@MainRule "msg:invalid formatted url" id:12;
    #@MainRule "msg:invalid POST format" id:13;
    #@MainRule "msg:invalid POST boundary" id:14;
    #@MainRule "msg:invalid JSON" id:15;
    #@MainRule "msg:empty POST" id:16;
    #@MainRule "msg:libinjection_sql" id:17;
    #@MainRule "msg:libinjection_xss" id:18;
    
    ##################################
    ## SQL Injections IDs:1000-1099 ##
    ##################################
    MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
    MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
    MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
    ## Hardcore rules
    MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
    MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
    # 1005 matched the Cookie header in the last log line below.
    MainRule "str:|" "msg:mysql keyword (|)"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
    MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
    ## end of hardcore rules
    MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
    MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
    MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
    # 1010 and 1011 matched the Cookie header in the last log line below.
    MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
    MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
    MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
    MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
    MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
    MainRule "str:@@" "msg:double @@" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1017;
    
    ###############################
    ## OBVIOUS RFI IDs:1100-1199 ##
    ###############################
    MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
    MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
    MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
    MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
    MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
    MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
    MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
    MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
    MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
    MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
    
    #######################################
    ## Directory traversal IDs:1200-1299 ##
    #######################################                                          
    MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
    MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
    MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
    MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
    MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
    #MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
    
    ########################################
    ## Cross Site Scripting IDs:1300-1399 ##
    ########################################
    MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
    MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
    MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
    MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
    MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
    MainRule "str:`"  "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
    # 1315 is the rule reported as id=1315 on var_name=cookie in three log lines
    # below; it fires on any %2x / %3x sequence in the matched zones.
    MainRule "rx:%[2|3]."  "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
    
    ####################################
    ## Evading tricks IDs: 1400-1500 ##
    ####################################
    MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
    MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
    
    #############################
    ## File uploads: 1500-1600 ##
    #############################
    MainRule "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
    
    

    In the error log I found this:

    2015/09/27 16:02:22 [error] 20505#0: *1163 NAXSI_FMT: ip=108.xx.221.xx7&server=sondorsforum.com&uri=/socket.io/&learning=1&vers=0.54&total_processed=633&total_blocked=553&block=1&zone0=BODY&id0=11&var_name0=, client: 1x8.1xx.221.xx7, server: sondorsforum.com, request: "POST /socket.io/?EIO=3&transport=polling&t=1443362898342-122709&sid=Z6hgNYilz7n697KEAAAs HTTP/1.1", host: "sondorsforum.com", referrer: "https://sondorsforum.com/topic/55/kt-lcd3-display-connector-type-pins/15"
    2015/09/27 16:02:25 [error] 20505#0: *1166 NAXSI_FMT: ip=10x.162.2xx.1x5&server=sondorsforum.com&uri=/socket.io/&learning=1&vers=0.54&total_processed=635&total_blocked=554&block=1&cscore0=$XSS&score0=40&zone0=HEADERS&id0=1315&var_name0=cookie&zone1=BODY&id1=11&var_name1=, client: 10x.162.2xx.1x5, server: sondorsforum.com, request: "POST /socket.io/?EIO=3&transport=polling&t=1443362548069-1547&sid=JdOnEYo8eOjo92KZAAA1 HTTP/1.1", host: "sondorsforum.com", referrer: "https://sondorsforum.com/topic/70/kt-lcd3-settings-for-sondors"
    2015/09/27 16:02:25 [error] 20505#0: *1166 NAXSI_FMT: ip=108.12x.2x2.1x5&server=sondorsforum.com&uri=/socket.io/&learning=1&vers=0.54&total_processed=636&total_blocked=555&block=1&cscore0=$XSS&score0=40&zone0=HEADERS&id0=1315&var_name0=cookie, client: 1x8.16x.2x2.1x5, server: sondorsforum.com, request: "GET /socket.io/?EIO=3&transport=polling&t=1443362548905-1548&sid=JdOnEYo8eOjo92KZAAA1 HTTP/1.1", host: "sondorsforum.com", referrer: "https://sondorsforum.com/topic/70/kt-lcd3-settings-for-sondors"
    2015/09/27 16:02:29 [error] 20505#0: *1169 NAXSI_FMT: ip=16x.1x8.88.x06&server=sondorsforum.com&uri=/socket.io/&learning=1&vers=0.54&total_processed=637&total_blocked=556&block=1&cscore0=$SQL&score0=40&cscore1=$XSS&score1=200&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie&zone4=BODY&id4=11&var_name4=, client: x6x.1x8.8x.x06, server: sondorsforum.com, request: "POST /socket.io/?EIO=3&transport=polling&t=1443362548637-13651&sid=uaVLv6IIo-6DDqrCAAA2 HTTP/1.1", host: "sondorsforum.com", referrer: "https://sondorsforum.com/unread"
    

    Thanks for your help

