[GH-ISSUE #35] MIME type mismatch on the website when using v5.1.0 #154

Closed
opened 2026-03-13 16:38:00 +03:00 by kerem · 3 comments

Originally created by @hibobmaster on GitHub (Apr 23, 2021).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/35


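Specifically, most of the site's images and some of its styles return 403, and F12 shows the MIME type as ('text/html') for all of them.
After switching back to v5.0.0, everything works normally.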

nginx -V

nginx version: nginx/1.19.10
built with OpenSSL 1.1.1k  25 Mar 2021
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --with-openssl=/build/nginx/../openssl --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_geoip_module=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-module=/build/nginx/sb-modules/ngx_brotli --add-dynamic-module=/build/nginx/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx/debian/modules/http-ndk --add-dynamic-module=/build/nginx/debian/modules/http-echo --add-dynamic-module=/build/nginx/debian/modules/http-fancyindex 
--add-dynamic-module=/build/nginx/debian/modules/http-geoip2 --add-dynamic-module=/build/nginx/sb-modules/ngx_http_ipdb_module --add-dynamic-module=/build/nginx/debian/modules/nchan --add-dynamic-module=/build/nginx/debian/modules/http-lua --add-dynamic-module=/build/nginx/debian/modules/rtmp --add-dynamic-module=/build/nginx/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx/debian/modules/http-subs-filter

The configuration in use is as follows:

    waf on;
    waf_rule_path /etc/nginx/ngx_waf/rules/;
    waf_mode DYNAMIC;
    waf_cc_deny  rate=10r/m duration=2h size=50m;
    waf_cache capacity=100;
    waf_priority "W-IP IP W-URL URL CC ARGS UA W-REFERER REFERER COOKIE";

I customized the whitelist:

(?i)(?:wp-json)
(?i)(?:wp-content)
(?i)(?:wp-includes)
(?i)(?:wp-admin)

The error_log is as follows:

2021/04/23 03:44:45 [alert] 3109#3109: *132 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2021/04/2021-04-01_21-47.png HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"
2021/04/23 03:44:45 [alert] 3109#3109: *133 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2021/01/geert-pieters-8QrPJ3Kfie4-unsplash.jpg HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"
2021/04/23 03:44:45 [alert] 3109#3109: *134 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2021/02/2021020310294363.png HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"
2021/04/23 03:44:45 [alert] 3109#3109: *135 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2021/03/109951165277053473.jpg HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"
2021/04/23 03:44:45 [alert] 3109#3109: *136 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2021/01/2021010711333445.jpg HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"
2021/04/23 03:44:46 [alert] 3109#3109: *137 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2021/01/2021011712080980.jpeg HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"
2021/04/23 03:44:46 [alert] 3109#3109: *138 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2020/12/caelm.png HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"
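
A check a site operator could run to spot the symptom reported above, as an added example that is not part of the original report or of the ngx_waf project: it correlates ngx_waf whitelist hits in error_log with 4xx responses in the access log. The access log entries are constructed and assume nginx's default combined format; the function name is hypothetical.

```python
import re

# ngx_waf error_log entry, in the shape quoted in the report above.
WAF_RE = re.compile(
    r'ngx_waf: \[(?P<kind>[A-Z-]+)\]\[(?P<rule>.*?)\], client: (?P<client>\S+), '
    r'.*?request: "(?P<method>[A-Z]+) (?P<uri>\S+) ')
# nginx "combined" access_log entry (assumed format, not shown in the report).
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) ')

def whitelisted_but_denied(error_lines, access_lines):
    """Hypothetical helper: return (uri, rule, status) for requests that matched
    a WHITE-* rule in error_log yet received a 4xx status in access_log."""
    allowed = {}
    for line in error_lines:
        m = WAF_RE.search(line)
        if m and m["kind"].startswith("WHITE-"):
            allowed[(m["client"], m["method"], m["uri"])] = m["rule"]
    findings = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        key = (m["client"], m["method"], m["uri"])
        if key in allowed and m["status"].startswith("4"):
            findings.append((m["uri"], allowed[key], int(m["status"])))
    return findings

# Two error_log entries copied from the report above.
ERROR_LOG = [
    '2021/04/23 03:44:45 [alert] 3109#3109: *132 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2021/04/2021-04-01_21-47.png HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"',
    '2021/04/23 03:44:46 [alert] 3109#3109: *138 ngx_waf: [WHITE-URL][(?i)(?:wp-content)], client: 173.82.212.xx, server: blog.hibobmaster.com, request: "GET /wp-content/uploads/2020/12/caelm.png HTTP/1.1", host: "blog.hibobmaster.com", referrer: "https://blog.hibobmaster.com/"',
]
# Constructed access_log entries (timestamps, status codes and sizes are sample values).
ACCESS_LOG = [
    '173.82.212.xx - - [23/Apr/2021:03:44:45 +0000] "GET /wp-content/uploads/2021/04/2021-04-01_21-47.png HTTP/1.1" 200 48211 "https://blog.hibobmaster.com/" "Mozilla/5.0"',
    '173.82.212.xx - - [23/Apr/2021:03:44:46 +0000] "GET /wp-content/uploads/2020/12/caelm.png HTTP/1.1" 403 153 "https://blog.hibobmaster.com/" "Mozilla/5.0"',
    '173.82.212.xx - - [23/Apr/2021:03:44:47 +0000] "GET /xmlrpc.php HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for uri, rule, status in whitelisted_but_denied(ERROR_LOG, ACCESS_LOG):
        print(f"{status} despite whitelist rule {rule}: {uri}")
```

Any finding means a request that a whitelist rule should have let through was still refused, which is the mismatch between the log and the 403 responses described in the report.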
kerem closed this issue and added the bug label (2026-03-13 16:38:00 +03:00)

@ADD-SP commented on GitHub (Apr 23, 2021):

@hibobmaster If you can, please add me through the contact details in the documentation; sometimes I don't check GitHub.


@ADD-SP commented on GitHub (Apr 23, 2021):

@hibobmaster This has been confirmed as a bug and is fixed in the beta release v5.1.1-beta.1.


@hibobmaster commented on GitHub (Apr 23, 2021):

OK, thank you very much. From now on I will contact you by email first.

I tested it, and the bug is fixed in v5.1.1-beta.1.
