Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
TalosDx2016-05-08 09:29:29
Nginx
TalosDx, 2016-05-08 09:29:29

How to handle unknown/nonexistent extensions in nginx?

How to handle unknown/nonexistent extensions in nginx?
Found an interesting bug/error in the latest version of Joomla. Most likely there are in previous versions.
The error itself:

Warning: Parameter 1 to plgSystemRsseo::handleError() expected to be a reference, value given in Unknown on line 0

Fatal error: Uncaught Exception: Представление не найдено [name, type, prefix]: article, faf, contentView in /home/www/site/boundlessage/libraries/legacy/controller/legacy.php:885 Stack trace: #0 /home/www/site/boundlessage/libraries/legacy/controller/legacy.php(645): JControllerLegacy->getView('article', 'faf', 'contentView', Array) #1 /home/www/site/boundlessage/components/com_content/controller.php(113): JControllerLegacy->display(false, Array) #2 /home/www/site/boundlessage/libraries/legacy/controller/legacy.php(728): ContentController->display() #3 /home/www/site/boundlessage/components/com_content/content.php(38): JControllerLegacy->execute('') #4 /home/www/site/boundlessage/libraries/cms/component/helper.php(405): require_once('/home/www/site/...') #5 /home/www/site/boundlessage/libraries/cms/component/helper.php(380): JComponentHelper::executeComponent('/home/www/site/...') #6 /home/www/site/boundlessage/libraries/cms/application/site.php(191): JComponentHelper::renderComponent('com_content') in /home/www/site/boundlessage/libraries/legacy/controller/legacy.php on line 885

Falls out when the following conditions are met
1. The file does not exist on the disk/drive.
2. The extension is unknown or does not exist.
3. The file name itself without extension can be anything.
That is, since the question arises on the side of Jooml'y, you just need to not start the request if the
File does not exist
Extension is unknown
And yes, nginx gives all unknown extensions to Joomla.
How can I use location to select only unknown extensions
and successfully throw 404.
That is, all extensions that are not included in this list, for example:
(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt |pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF |EOT)
I feel that in capable hands this is a serious vulnerability.
Many thanks in advance for your help.
If you can't help with the config, but you have access to Jooml's bug tracker, then help the developers find and fix the bug by letting them know about it.
And now the attention is a bonus:
https://www.joomla.org/core-features.faw
The official site of Joomla, as you understand, also falls due to this error.
Turned to the cuts. I can't figure out what is causing the error either.
https://issues.joomla.org/tracker/joomla-cms/10419

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
T
TalosDx, 2016-07-06
@TalosDx

Fixed on the off site. We are waiting for comments once, how did they do it?

Similar questions
D
D99100992017-05-25 16:56:52
How to compose redirect nginx? 1Reply
W
winmasta2017-05-30 06:20:39
How to correctly configure forwarding from 80 to 443 port in nginx proxypass? 1Reply
I
Ilya Chichak2017-05-30 12:29:53
How to implement application functioning as in a subfolder in nginx? 0Reply
A
Aracon2018-01-13 13:12:07
How to make a multi-tenant application from a regular PHP application? Are there ready-made frameworks for such a task? 2Reply
A
Alex2019-10-31 12:40:57
How to fix PHP-FPM + Nginx vulnerability issue? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question