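I didn't figure out the underlying issue, but I did fix it by uninstalling the node_modules and then reinstalling them. Note that in the log in the question below, `/../../css` is the `req.url` of an incoming GET request, so the path was supplied by the client and would not be expected to appear anywhere in the server's code base; the "Forbidden" error is the static file middleware refusing to serve a path containing `..`.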
Express.js Malicious Path Middleware Error 403
문제
I get this error when I make a POST request to my server, but only on my production server (pre-release) - my staging server works fine. Both are AWS Ubuntu boxes.
Looking through the stack trace, the source of the error is an HTTP request with a URL of '../../css', which is then interpreted by send.js (line 145 and line 310) as a malicious path, causing the server to crash. However, after grepping my code base, there are no occurrences of '../../css'.
I would really appreciate any help or insight anyone can offer, as the only similar SO question I found helped me diagnose the malicious path issue, but didn't help me understand where the ../../css is coming from:
403 / Forbidden on favicon with NodeJS / Express
Thanks!
{
"date":"Wed Nov 20 2013 04:16:30 GMT+0000 (UTC)",
"process":{
"pid":10842,
"uid":0,
"gid":0,
"cwd":"/home/ubuntu/developer-getlocket",
"execPath":"/usr/bin/nodejs",
"version":"v0.10.21",
"argv":[
"nodejs",
"/home/ubuntu/developer-getlocket/app.js"
],
"memoryUsage":{
"rss":89632768,
"heapTotal":63371520,
"heapUsed":30075536
}
},
"os":{
"loadavg":[
0.0029296875,
0.0146484375,
0.04541015625
],
"uptime":2938975.002619042
},
"trace":[
{
"column":16,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js",
"function":"SendStream.error",
"line":145,
"method":"error",
"native":false
},
{
"column":52,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js",
"function":"SendStream.pipe",
"line":310,
"method":"pipe",
"native":false
},
{
"column":8,
"file":"[as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/static.js",
"function":"Object.staticMiddleware",
"line":84,
"method":"staticMiddleware",
"native":false
},
{
"column":15,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
"function":"next",
"line":190,
"method":null,
"native":false
},
{
"column":5,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js",
"function":"Object.logger",
"line":156,
"method":"logger",
"native":false
},
{
"column":15,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
"function":"next",
"line":190,
"method":null,
"native":false
},
{
"column":7,
"file":"[as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/favicon.js",
"function":"Object.favicon",
"line":77,
"method":"favicon",
"native":false
},
{
"column":15,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
"function":"next",
"line":190,
"method":null,
"native":false
},
{
"column":5,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js",
"function":"Object.logger",
"line":156,
"method":"logger",
"native":false
},
{
"column":15,
"file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
"function":"next",
"line":190,
"method":null,
"native":false
}
],
"stack":[
"Error: Forbidden",
" at SendStream.error (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js:145:16)",
" at SendStream.pipe (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js:310:52)",
" at Object.staticMiddleware [as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/static.js:84:8)",
" at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)",
" at Object.logger (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js:156:5)",
" at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)",
" at Object.favicon [as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/favicon.js:77:7)",
" at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)",
" at Object.logger (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js:156:5)",
" at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)"
],
"req":{
"url":"/../../css",
"headers":{
"host":"developers.getlocket.com",
"accept-encoding":"gzip, deflate",
"accept":"*/*",
"cookie":"connect.sid=s%3A9_PUj6XZqF8HKRCoTqHPT5cJ.V2cxTaxk5sLlsNtAMByR7JpvtvwbuebOMZ6IgoEQLgI",
"connection":"keep-alive",
"accept-language":"en-us",
"user-agent":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7"
},
"method":"GET",
"httpVersion":"1.1",
"originalUrl":"/../../css",
"query":{
}
},
"level":"error",
"message":"middlewareError",
"timestamp":"2013-11-20T04:16:30.958Z"
}
해결책