OpenAM / OPENAM-8316

Nginx agent ignores a trailing ? from the request


      Description

      Nginx agent ignores a trailing ? from the request

      Steps to reproduce

      1.) Create a policy

      *://*:*/*?*
      

      2.) Get a valid session in your browser
      3.) Hit the agent-protected page with a question mark at the end
      http://perf-openam2.internal.forgerock.com/index.html?

      Observed result

      403 Forbidden

      Expected Result

      200 Allow

      As seen in the nginx error log, the request comes in with ? and then receives a 403 from the agent (the whole nginx error log is in the attachment)

      nginx debug log
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http process request line
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http request line: "GET /index.html? HTTP/1.1"
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http uri: "/index.html"
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http args: ""
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http exten: "html"
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http process request header line
      ...
      
      ...
      2016/02/09 11:23:35 [debug] 11706#11706: *2 agent handler: status -> 403
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http finalize request: 403, "/index.html?" a:1, c:1
      2016/02/09 11:23:35 [debug] 11706#11706: *2 http special response: 403, "/index.html?"
      
      agent debug log
      2016-02-09 11:23:35.616 +0000   DEBUG [0x7ff8f0e28700:11706][source/process.c:198] setup_request_data(): original request url: http://perf-openam2.internal.forgerock.com/index.html
      2016-02-09 11:23:35.616 +0000   DEBUG [0x7ff8f0e28700:11706][source/process.c:310] setup_request_data(): no token in query parameters
      2016-02-09 11:23:35.616 +0000   DEBUG [0x7ff8f0e28700:11706][source/process.c:320] setup_request_data():
      method: GET
      original url: http://perf-openam2.internal.forgerock.com/index.html
      proto: http
      host: perf-openam2.internal.forgerock.com
      port: 80
      path: /index.html
      query:
      complete: http://perf-openam2.internal.forgerock.com:80/index.html
      overridden: http://perf-openam2.internal.forgerock.com:80/index.html
      pathinfo: (empty)
      normalized (pathinfo removed): (empty)
      overridden (pathinfo removed): (empty)
      
      nginx access log
      172.25.1.18 - - [09/Feb/2016:11:23:35 +0000] "GET /index.html? HTTP/1.1" 403 571 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/48.0.2564.82 Chrome/48.0.2564.82 Safari/537.36"
      
      agent audit log
      2016-02-09 11:23:35.672 +0000   AUDIT [0x7ff8f0e28700:11706] user demo (172.25.1.18) was denied access to http://perf-openam2.internal.forgerock.com:80/index.html
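
The mismatch visible in the logs above, as an added example that is not code from the agent or from nginx: the URL is rebuilt from the parsed path and the empty args, so the trailing `?` is gone before the policy `*://*:*/*?*` is evaluated. The helper names and the glob matcher (where `*` matches any run of characters and `?` is a literal) are assumptions made for illustration.

```c
/* Added illustration; not the OpenAM agent's or nginx's code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Simplified glob (assumption): '*' matches any run of characters, '?' is a literal. */
static int glob_match(const char *p, const char *s) {
    if (*p == '\0') return *s == '\0';
    if (*p == '*') {
        for (;; s++) {
            if (glob_match(p + 1, s)) return 1;
            if (*s == '\0') return 0;
        }
    }
    return *s != '\0' && *p == *s && glob_match(p + 1, s + 1);
}

/* Parsed request target; has_query records that '?' was present even if the query is empty. */
struct target { char path[256]; char query[256]; int has_query; };

static void split_target(const char *raw, struct target *t) {
    const char *q = strchr(raw, '?');
    size_t n = q ? (size_t)(q - raw) : strlen(raw);
    snprintf(t->path, sizeof t->path, "%.*s", (int)n, raw);
    snprintf(t->query, sizeof t->query, "%s", q ? q + 1 : "");
    t->has_query = (q != NULL);
}

/* keep_empty_query = 0 reproduces the logged "complete:" URL: '?' is emitted
 * only when the query is non-empty. keep_empty_query = 1 preserves a bare '?'. */
static void rebuild_url(const struct target *t, int keep_empty_query, char *out, size_t len) {
    int add_q = t->query[0] != '\0' || (keep_empty_query && t->has_query);
    snprintf(out, len, "http://perf-openam2.internal.forgerock.com:80%s%s%s",
             t->path, add_q ? "?" : "", t->query);
}

/* Returns 1 if the rebuilt URL matches the policy resource from the report. */
static int policy_allows(const char *raw, int keep_empty_query) {
    struct target t; char url[600];
    split_target(raw, &t);
    rebuild_url(&t, keep_empty_query, url, sizeof url);
    return glob_match("*://*:*/*?*", url);
}

int main(void) {
    printf("trailing '?' dropped: %d\n", policy_allows("/index.html?", 0));
    printf("trailing '?' kept:    %d\n", policy_allows("/index.html?", 1));
    return 0;
}
```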
      

            People

            nick.james Nicholas James
            richard.hruza Richard Hruza