GreySec Forums
You will earn a +1 Rep if you find the problem :D - Printable Version




You will earn a +1 Rep if you find the problem :D - beard - 10-29-2015

Hello,

If you find the problem in this code you will get +1 rep from me :D

So have fun!

Code:
server {
   listen 80;
   server_name www.domain.com;
   server_name domain.com;
   access_log off;
   error_log off;
   location / {
      proxy_pass http://localhost/;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addrr;
      proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
      proxy_max_temp_file_size 0;
      client_max_body_size 10m;
      client_body_buffer_size 128k;
      proxy_connect_timeout 90;
      proxy_send_timeout 90;
      proxy_read_timeout 90;
      proxy_buffer_size 4k;
      proxy_buffers 4 32k;
      proxy_busy_buffers_size 64k;
      proxy_temp_file_write_size 64k;
   }
}

Note there are three things wrong with this code.
Find them and you get rep :D

Enjoy,
~ Network


RE: You will earn a +1 Rep if you find the problem :D - NO-OP - 10-30-2015

This is an nginx config and here are some issues I found with it at first glance.


proxy_set_header X-Real-IP $remote_addrr; => proxy_set_header X-Real-IP $remote_addr;
proxy_max_temp_file_size 0 => Could result in errors if response data is too large
proxy_connect_timeout 90 => proxy_connect_timeout 90s #times require a unit like seconds
proxy_send_timeout 90; => ditto
proxy_read_timeout 90; => ditto



RE: You will earn a +1 Rep if you find the problem :D - beard - 10-30-2015

(10-30-2015, 03:31 AM)NO-OP Wrote: This is an nginx config and here are some issues I found with it at first glance.


proxy_set_header X-Real-IP $remote_addrr; => proxy_set_header X-Real-IP $remote_addr;
proxy_max_temp_file_size 0 => Could result in errors if response data is too large
proxy_connect_timeout 90 => proxy_connect_timeout 90s #times require a unit like seconds
proxy_send_timeout 90; => ditto
proxy_read_timeout 90; => ditto

This is the only one you got right.
Code:
proxy_set_header X-Real-IP $remote_addrr; => proxy_set_header X-Real-IP $remote_addr;



RE: You will earn a +1 Rep if you find the problem :D - MuddyBucket - 10-31-2015

I see this is wrong:

proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

Should be

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


and while I'm not 100% sure that this will break it, it's far more common/documented practice to have only one server_name directive with all server names being set on one, e.g.

server_name domain.com www.domain.com;

*EDIT* I can't stop mybb from prefixing http:// to the line above - but it wasn't there intentionally


RE: You will earn a +1 Rep if you find the problem :D - beard - 10-31-2015

(10-31-2015, 02:15 AM)MuddyBucket Wrote: I see this is wrong:

proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

Should be

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


and while I'm not 100% sure that this will break it, it's far more common/documented practice to have only one server_name directive with all server names being set on one, e.g.

server_name domain.com www.domain.com;

*EDIT* I can't stop mybb from prefixing http:// to the line above - but it wasn't there intentionally

You got one right.
Code:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

So far two people have solved 2 of the errors.
First person to solve the third will get the rep :D

~ Network


RE: You will earn a +1 Rep if you find the problem :D - Clickbait - 11-07-2015

I'm likely wrong, but is it something to do with the forward slash at the end of http://localhost/?

Code:
proxy_pass http://localhost/;



RE: You will earn a +1 Rep if you find the problem :D - beard - 11-09-2015

(11-07-2015, 06:59 AM)Neko Wrote: I'm likely wrong, but is it something to do with the forward slash at the end of http://localhost/?

Code:
proxy_pass http://localhost/;

Well, it's not the slash, but you're on the right path.
It was the localhost part.
You're supposed to have an IP instead of localhost.
Anyways, you did a good job.
So enjoy the rep :D

~ Network


RE: You will earn a +1 Rep if you find the problem :D - Clickbait - 11-09-2015

(11-09-2015, 05:11 AM)Network Wrote: You're supposed to have an IP instead of localhost.

you could have http://localhost set up as an upstream :3


RE: You will earn a +1 Rep if you find the problem :D - MuddyBucket - 11-09-2015

(11-09-2015, 05:11 AM)Network Wrote: You're supposed to have an IP instead of localhost.

Not according to the documentation. Hell, the documentation even uses localhost in its example. There's no difference between localhost and 127.0.0.1

http://i.imgur.com/VGzNqZb.png


RE: You will earn a +1 Rep if you find the problem :D - beard - 11-11-2015

(11-09-2015, 01:31 PM)MuddyBucket Wrote:
(11-09-2015, 05:11 AM)Network Wrote: You're supposed to have an IP instead of localhost.

Not according to the documentation. Hell, the documentation even uses localhost in its example. There's no difference between localhost and 127.0.0.1

http://i.imgur.com/VGzNqZb.png

Hello,

First, I want to clear up that I wasn't talking about adding in localhost's IP address, aka 127.0.0.1.
I was talking about the backend server's IP address that you want the frontend to communicate with.
If you don't put your backend IP address in the config, then you will get an error, since you're basically asking the server to direct your first request back to itself.
So in a sense creating a loop.
With the config I put, you're basically asking the front proxy to forward the request to the backend.
And the backend will respond to the frontend proxy's request.

Hope this clears up some misunderstandings.
~ Network
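
The three problems this thread settles on, written as checks that can be run over a server block before it is deployed. This is an added example, not code from any poster or from nginx; the `lint` function, the check names and the short allow-lists are assumptions made for illustration.

```python
import difflib
import re
from urllib.parse import urlsplit

# Constructed sample: the server block from the first post, trimmed to the relevant lines.
SAMPLE = """
server {
   listen 80;
   server_name www.domain.com;
   location / {
      proxy_pass http://localhost/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addrr;
      proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
   }
}
"""

# Assumption: small allow-lists covering only what this config uses, not all of nginx.
KNOWN_VARS = {"host", "remote_addr", "proxy_add_x_forwarded_for"}
KNOWN_HEADERS = ["Host", "X-Real-IP", "X-Forwarded-For", "X-Forwarded-Proto"]
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def lint(conf):
    """Return a list of (check, detail) findings for one server block."""
    findings = []
    directives = [d.split() for d in re.findall(r"^\s*([a-z_]+ [^;{}]+);", conf, re.M)]
    listen_ports = {int(d[1].rsplit(":", 1)[-1]) for d in directives if d[0] == "listen"}
    for name, *args in directives:
        for var in re.findall(r"\$(\w+)", " ".join(args)):
            if var not in KNOWN_VARS:  # e.g. a misspelled built-in variable
                hint = difflib.get_close_matches(var, KNOWN_VARS, n=1)
                findings.append(("unknown-variable", f"${var} -> {hint}"))
        if name == "proxy_set_header" and args[0] not in KNOWN_HEADERS:
            hint = difflib.get_close_matches(args[0], KNOWN_HEADERS, n=1)
            findings.append(("odd-header", f"{args[0]} -> {hint}"))
        if name == "proxy_pass":
            # Heuristic: a loopback upstream on this server's own listen port
            # sends the request back into the proxy itself.
            url = urlsplit(args[0])
            port = url.port or (443 if url.scheme == "https" else 80)
            if url.hostname in LOOPBACK and port in listen_ports:
                findings.append(("self-proxy", f"{args[0]} targets own listen port {port}"))
    return findings

if __name__ == "__main__":
    for check, detail in lint(SAMPLE):
        print(f"{check}: {detail}")
```

The header and variable checks matter beyond correctness: a backend that never receives `X-Forwarded-For` or `X-Real-IP` logs only the proxy's address, which removes the client IP from access logs and from any rate limiting or alerting keyed on it.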