GbPlugin
W. Andrew Loe III
andrew at andrewloe.com
Fri May 7 21:58:55 MSD 2010
Mystery solved: it is a poorly configured client that URI-encodes the ? of the query string:
"GET /images/icons/folder_read_16x16.png%3F1273194370 HTTP/1.1"
This should be:
"GET /images/icons/folder_read_16x16.png?1273194370 HTTP/1.1"
On Fri, May 7, 2010 at 10:15 AM, W. Andrew Loe III <andrew at andrewloe.com> wrote:
> This user agent is able to create a bad request for image assets that
> is bypassing nginx. We are seeing these odd requests in our Rails
> application (via Passenger), but they should either be 400s or serve
> valid images. A quick Google search turns up some interesting history
> on this User-Agent; it seems that it has been compromised by some
> Brazilian malware authors.
>
> Here is an example exception from our application. Does anyone see
> anything strange? If I attempt to hit that URL in a standard browser I
> get an image. I do not see an Accept header; perhaps this is why
> nginx is passing the request on?
>
> A ActionController::RoutingError occurred in application#index:
>
> No route matches "/images/ajax-loader.gif" with
> {:subdomain=>"macchiato-assets2", :method=>:get,
> :domain=>"onehub.com", :host=>"macchiato-assets2.onehub.com"}
> [RAILS_ROOT]/vendor/rails/actionpack/lib/action_controller/routing/recognition_optimisation.rb:66:in
> `recognize_path'
>
> -------------------------------
> Request:
> -------------------------------
>
> * URL : http://macchiato-assets2.onehub.com/images/ajax-loader.gif?1273194370
> * IP address: 200.204.143.221
> * Parameters: {"1273194370"=>nil}
> * Rails root: /data/onehub/deploy_1
>
> -------------------------------
> Session:
> -------------------------------
>
> * session id: nil
> * data: nil
>
> -------------------------------
> Environment:
> -------------------------------
>
> * CONTENT_LENGTH : 0
> * DOCUMENT_ROOT : /data/onehub/current/public
> * HTTP_CACHE_CONTROL : no-cache
> * HTTP_CONNECTION : keep-alive
> * HTTP_COOKIE :
> _onehub_session_id=<snip>; remember_me=1
> * HTTP_HOST : macchiato-assets2.onehub.com
> * HTTP_USER_AGENT : GbPlugin
> * HTTP_X_FORWARDED_FOR : 200.204.143.221
> * PASSENGER_APP_SPAWNER_IDLE_TIME : -1
> * PASSENGER_APP_TYPE : rails
> * PASSENGER_ENVIRONMENT : production
> * PASSENGER_FRAMEWORK_SPAWNER_IDLE_TIME : -1
> * PASSENGER_SPAWN_METHOD : smart-lv2
> * PASSENGER_USE_GLOBAL_QUEUE : true
> * PATH_INFO :
> /images/ajax-loader.gif?1273194370
> * QUERY_STRING :
> * RAW_REQUEST_URI :
> /images/ajax%2Dloader.gif%3F1273194370
> * REMOTE_ADDR : 10.250.18.33
> * REMOTE_PORT : 48252
> * REQUEST_METHOD : GET
> * REQUEST_URI :
> /images/ajax-loader.gif?1273194370
> * SCGI : 1
> * SCRIPT_NAME :
> * SERVER_ADDR : 10.250.182.80
> * SERVER_NAME : 10.250.182.80
> * SERVER_PORT : 80
> * SERVER_PROTOCOL : HTTP/1.1
> * SERVER_SOFTWARE : nginx/0.7.65
> * _ : _
> * action_controller.request.path_parameters :
> * action_controller.request.query_parameters : 1273194370
> * action_controller.request.request_parameters:
> * action_controller.rescue.request :
> #<ActionController::Request:0x10175510>
> * action_controller.rescue.response :
> #<ActionController::Response:0x101678e8>
> * rack.errors : #<IO:0x98afe18>
> * rack.input :
> #<PhusionPassenger::Utils::RewindableInput:0x10175ab0>
> * rack.multiprocess : true
> * rack.multithread : false
> * rack.request.cookie_hash :
> * rack.request.cookie_string :
> _onehub_session_id=<snip>; remember_me=1
> * rack.request.query_hash : 1273194370
> * rack.request.query_string : 1273194370
> * rack.run_once : false
> * rack.session :
> * rack.session.options : <snip>
> * rack.url_scheme : http
> * rack.version : 10
>
> * Process: 27543
> * Server : ip-10-250-182-80
>