I will eventually have time to do that debugging, but for now I disabled the
check with a one-liner in http.c:
/* Check neutered by mel 20081231 because some ntop built-in HTML is buggy */
/* if((rc = checkURLsecurity(requestedURLCopy)) != 0) { */
if((rc = 0) != 0) {
Crashes no longer happen. BTW, I don't know if you understood, but this happens
just using the ntop web interface - I'm not hand-building URLs.
-mel
On 12/30/08 12:17 PM, "Burton Strauss III" <[email protected]> wrote:
You are looking at the request log - that doesn't give us the source.
From: [email protected] [mailto:[email protected]] On Behalf Of Mel
Beckman
Sent: Tuesday, December 30, 2008 10:15 AM
To: [email protected]
Subject: Re: [Ntop] "**ERROR** URL security" GUI lockouts
Can't I just turn on http request logging? Wouldn't that give me a transcript
of urls leading to the problem? A clever developer might even think of a way to
cache HTML log entries even when disk logging is off, then emitting them along
with the offending input.
-mel via cell
On Dec 30, 2008, at 6:36 AM, "Burton Strauss III" <[email protected]>
wrote:
Actually, URL security is working correctly. You sent a bad request and got
smacked for it.
Why the bad request is the problem... it reads like a missing closing tag, so
ntop is seeing some of the generated html as part of the request.
You need to figure out which screen it is and then we need to see the failing
page... which is tricky because you won't fail until after it's gone. You need
3 windows...
(1) Before clicking, view source (just leave it open)
(2) Click
(3) Monitor the log until you see the URL security message.
(4) If you don't get the error, close the source window and return to (1).
This way, when it does fail, you can save the source, send it along and tell us
what you clicked on.
-----Burton
From: [email protected] [mailto:[email protected]] On Behalf Of Mel
Beckman
Sent: Monday, December 29, 2008 11:07 PM
To: [email protected]
Subject: [Ntop] "**ERROR** URL security" GUI lockouts
I'm running NTop 3.3.9 on Fedora 10 and encountering a problem I've seen one
other person complain about. It looks like a bug to me. NTop appears to collect
data and analyze it just fine, but within a few minutes of browsing it I start
getting blank screens back instead of HTML. I've tried Firefox and Explorer,
and both HTTPS and HTTP, and get the same lockout every time. If I wait about
tenmintues, it lets me back it. At the same time the system logs "clearing
lockout for addresss xxx.xxx.xxx.xxx". "Here's the log right at the point of
failure. Up to this point nothing unusual has been recorded:
29 20:51:50 nprobe1 ntop[4806]: **ERROR** URL security:
'/%3CTD%20%20ALIGN=RIGHT%3E8.6%A0Mbit/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E8.7%A0Mbit/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E10.7%A0Mbit/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E1249.3%A0Pkt/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E1244.8%A0Pkt/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E1535.0%A0Pkt/s%3C/TD%3E%3C/TR%3E%3CTR%20onMouseOver='
rejected (code=4)(client=10.2.10.99)
Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address
10.2.10.99 (it previously sent ntop a bad request)
Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address
10.2.10.99 (it previously sent ntop a bad request)
Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address
10.2.10.99 (it previously sent ntop a bad request)
Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address
10.2.10.99 (it previously sent ntop a bad request)
**ERROR** URL securityDec 29 21:00:45 nprobe1 ntop[4806]: clearing lockout
for address 10.2.10.99
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
