|
Have you customized any wox template? SOGo doesn't use the lang URL parameter. Look for a client with a broken extension, or a misconfiguration server-side. |
|
fsoyer
2022-04-19 13:23
reporter
~0015971
Last edited: 2022-04-19 13:24
|
I don't know what "wox" templates are. I don't change anything in SOGo; the only file I customized was the nginx conf. I found this example:
12.34.56.78 - - [19/Apr/2022:13:55:54 +0200] "GET /SOGo.woa/WebServerResources/js/Mailer.services.js?lm=1643114143 HTTP/2.0" 304 0 "https://sogo.domaine.fr/SOGo/so/john.smith@domaine.fr/Mail/view" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"
12.34.56.78 - - [19/Apr/2022:13:55:54 +0200] "GET /SOGo.woa/WebServerResources/js/vendor/angular-file-upload.min.js?lm=1643114143 HTTP/2.0" 304 0 "https://sogo.domaine.fr/SOGo/so/john.smith@domaine.fr/Mail/view" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"
12.34.56.78 - - [19/Apr/2022:13:55:54 +0200] "GET /SOGo.woa/WebServerResources/js/vendor/FileSaver.min.js?lm=1643114143 HTTP/2.0" 304 0 "https://sogo.domaine.fr/SOGo/so/john.smith@domaine.fr/Mail/view" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"
12.34.56.78 - - [19/Apr/2022:13:55:54 +0200] "GET /SOGo?lang=fr.woa/WebServerResources/js/vendor/angular-cookies.min.js?lm=1643114143 HTTP/2.0" 404 132 "https://sogo.domaine.fr/SOGo/so/john.smith@domaine.fr/Mail/view" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"
12.34.56.78 - - [19/Apr/2022:13:55:54 +0200] "GET /SOGo?lang=fr.woa/WebServerResources/js/vendor/angular-messages.min.js?lm=1643114143 HTTP/2.0" 404 132 "https://sogo.domaine.fr/SOGo/so/john.smith@domaine.fr/Mail/view" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"
12.34.56.78 - - [19/Apr/2022:13:55:54 +0200] "GET /SOGo?lang=fr.woa/WebServerResources/js/vendor/angular-material.min.js?lm=1643114143 HTTP/2.0" 404 132 "https://sogo.domaine.fr/SOGo/so/john.smith@domaine.fr/Mail/view" "Mozilla/5.0 (X11; Ubuntu; Lin
Do you see? At one point, in the GET requests, it suddenly becomes "GET /SOGo?lang=fr.woa/WebServerResources/". I don't think this is a client problem, as it is solved for some hours if I restart the service, but what do you mean by "a broken extension"? |
|
|
SOGo won't add "lang=fr" to the URL. So the cause is external to SOGo. A broken extension would be a browser extension that incorrectly manipulates either URLs or the HTML content. Can you reproduce the issue with a pristine browser? |
|
|
I'm sure that it is not extensions. These users are "basic" and probably can't even imagine that "extensions" exist for a browser... And when it happens, all users on this server are impacted at the same time.
The problem is that it happens randomly. The users never see this URL, they just discover that they are blocked by the IDS. At this time, I can see these "?lang=fr" URLs in the log and 404 errors, I restart sogo, unblock their IP, and this works for some hours.
Now it was restarted at 2pm. I need to wait for the next errors to see what I can do at client side (change browser, for example) :/ |
|
|
Does the 404 appear when accessing a module other than Mail? |
|
|
Difficult to say, as the module isn't displayed in the URL "WebserverResources", but for a given PID, the "good" URL in the log preceding the ones with "lang=fr" can be other than Mail:
Apr 19 13:55:50 sogod [18153]: 127.0.0.1 "GET /SOGo/so/xxxx.xxxx@xxxx.fr/Mail/0/folderINBOX/309/view HTTP/1.1" 200 38288/0 0.627 - - 68K - 16
Apr 19 13:55:50 sogod [18153]: 127.0.0.1 "GET /SOGo?lang=fr.woa/WebServerResources/js/vendor/lodash.min.js?lm=1643114143 HTTP/1.1" 404 132/0 0.002 - - 0 - 15
Apr 19 09:44:04 sogod [18152]: 127.0.0.1 "GET /SOGo/so/xxxx.xxxx@xxxx.fr/Calendar/view HTTP/1.1" 200 303769/0 0.668 487328 37% 0 - 16
Apr 19 09:44:04 sogod [18152]: 127.0.0.1 "GET /SOGo?lang=fr.woa/WebServerResources/css/theme-default.css?lm=1643114142 HTTP/1.1" 404 145/0 0.002 - - 0 - 16 |
|
|
Those files are referred to in UIxPageFrame.wox.
Can you sniff the traffic coming out of sogod on port 20000 (not nginx) and report the URLs that you see for those resources? |
|
|
Mmmh, I see a port 20000 from sogod, but I guess you don't want some output from something like tcpdump, even with the -w flag... Do you know any tool for displaying readable URLs from this port 20000? |
|
|
OK, I found ngrep in the EPEL repository. I'll try it. |
|
|
You can also use tcpflow:
tcpflow -i lo -C -a tcp port 20000 -X /dev/null | grep WebServerResources |
|
|
OK, I got the error just when I was trying ngrep. It will be difficult to anonymize the logs. Tell me: if I check "private", can I upload files here only for your eyes? |
|
|
The point is to simply confirm that you see URLs with "?lang=fr" coming from sogod on port 20000. |
|
|
Oh OK, and I can add another piece of info.
I created a first log with ngrep when there were "lang=fr" errors. I was just on the login page (which was not displayed because of the 404 errors). URLs with WebServerResource and lang=fr were logged by ngrep.
I have just restarted sogod. I now have the login page, and the errors are gone in sogo.log/nginx.log.
BUT now there is nothing passing on port 20000: no URL, with or without WebServerResource, nothing else :/ The same "ngrep" command as before logs nothing.
Does it help? |
|
|
Sorry, I made a mistake: there is no URL with "WebServerResource" or "woa". But if I remove any regex, I see just normal URLs, like those logged by nginx. |
|
fsoyer
2022-04-20 09:01
reporter
~0015984
Last edited: 2022-04-20 12:38
|
What I understand is that, for an unknown reason, "/SOGO.woa/" becomes "/SOGO?lang=fr.woa/". What is translating this alias? Server? Client? I found no "lang=fr" in the nginx configuration.
I first supposed that it happens only on the alias "/SOGo.woa/WebServerResources/" (I found only 404 errors with "?lang=fr.woa/") but, continuing to dig in the logs, I searched for "lang=fr" and I find that, when the 404 errors happen, there can be (not always) some lines like this:
Apr 19 17:00:59 sogod [11125]: 127.0.0.1 "GET /SOGo?lang=fr///////// HTTP/1.1" 200 10362/0 0.066 36707 71% 0 - 18
Apr 19 17:24:40 sogod [11124]: 127.0.0.1 "GET /SOGo?lang=fr//////////////////// HTTP/1.1" 200 10384/0 0.087 36723 71% 36K - 20
Apr 19 17:37:42 sogod [11118]: 127.0.0.1 "GET /SOGo?lang=fr///////////// HTTP/1.1" 200 10382/0 0.073 36723 71% 12K - 20
This is accepted (HTTP 200) because there is nothing but some insignificant "/" after lang=fr. So I wonder if the problem is not rather on a simple alias "/SOGo"?
In nginx I have just:
location ^~/SOGo
{
    proxy_pass 'http://127.0.0.1:20000';
    proxy_redirect 'http://127.0.0.1:20000' default;
    [...]
    break;
}
If this "lang=fr" is passed to port 20000, does this mean that nginx received it and passed it to sogod? |
|
|
I would recommend to first find how to reproduce the problem.
You could also switch to Apache and see if the problem disappears. You could also check the community wiki for the nginx configuration. |
|
|
I'm having the same problem with SOGo 5.8.0, but the string in the URL is not ?lang=fr but _?task=mail&_action=refresh. That string is being used by another application running in the same nginx but with the location /mail (roundcube).
For some reason nginx is mixing stuff between those two applications.
Did you find a solution for this problem? |
|
|
I'm having the same issue - SOGo is grabbing strings from other applications running (caching in Apache or Nginx perhaps?) See https://bugs.sogo.nu/view.php?id=5793
I can't believe that this is not a bigger deal - the app is picking up things outside of its scope and breaking.
Here's one for mine:
172.71.151.6 - - [17/Jun/2023:17:18:34 +1000] "GET /SOGo?page=Server04_Change_History_2013&actionID=export&format=rst HTTP/1.1" 200 9458 "-" "Mozilla/5.0 (compatible; DotBot/1.2; +https://opensiteexplorer.org/dotbot; help@moz.com)"
108.162.250.149 - - [17/Jun/2023:18:29:03 +1000] "GET /SOGo?page=Server04_Change_History_2013&actionID=export&format=rst.woa/WebServerResources/css/theme-default.css?lm=1686648803 HTTP/1.1" 404 145 "https://webmail.simonandkate.net/SOGo/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0"
Looks like an inbound request from a crawlbot from a page that used to be on a previous version of my mail site (Horde) is then dropped into SOGo GET string... result is a non-functioning SOGo. |
|
|
I can reproduce it by putting random string in the URL on the end of a GET request:
e.g. https://webmail.simonandkate.net/SOGo?page=anything_here
Result is a 200 OK (WHY??) followed by a set of invalid URL failures with 404 for items which I recognise as being from Horde previously on my server.
Here are a couple of examples:
172.68.146.58 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=anything_here HTTP/1.1" 200 9465 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.50 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/css/theme-default.css?lm=1686648803 HTTP/1.1" 404 145 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.27 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular-animate.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.57 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular-aria.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.11 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular-ui-router.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.5 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.41 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular-material.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.63 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular-sanitize.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.56 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/css/styles.css?lm=1686648803 HTTP/1.1" 404 138 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.60 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/Common.js?lm=1686648803 HTTP/1.1" 404 135 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.47 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/lodash.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.46 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/Main.js?lm=1686648803 HTTP/1.1" 404 133 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.50 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/img/sogo-full.svg?lm=1686648803 HTTP/1.1" 404 141 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.44 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular-cookies.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.3 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/js/vendor/angular-messages.min.js?lm=1686648803 HTTP/1.1" 404 132 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.146.57 - - [17/Jun/2023:23:29:56 +1000] "GET /SOGo?page=RecentChanges&referrer=emp06.woa/WebServerResources/img/sogo.ico?lm=1686648803 HTTP/1.1" 404 136 "https://webmail.simonandkate.net/SOGo?page=anything_here" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
This one it dropped the random GET string into the subsequent resource requests and failed:
172.68.66.92 - - [17/Jun/2023:23:34:19 +1000] "GET /SOGo?page=anything_else HTTP/1.1" 200 9431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.66.55 - - [17/Jun/2023:23:34:19 +1000] "GET /SOGo?page=anything_else.woa/WebServerResources/img/sogo-full.svg?lm=1686648803 HTTP/1.1" 404 141 "https://webmail.simonandkate.net/SOGo?page=anything_else" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.66.32 - - [17/Jun/2023:23:34:19 +1000] "GET /SOGo?page=anything_else.woa/WebServerResources/js/Main.js?lm=1686648803 HTTP/1.1" 404 133 "https://webmail.simonandkate.net/SOGo?page=anything_else" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51"
172.68.66.92 - - [17/Jun/2023:23:34:19 +1000] "POST /SOGo/so/simon/Mail/0/folderINBOX/expunge HTTP/1.1" 200 57 "https://webmail.simonandkate.net/SOGo/so/simon/Mail/view" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51" |
|
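The log pattern reported throughout this thread can be triaged automatically before unblocking IPs at the IDS. The following is an added example, not code from any participant or from the SOGo project: it groups 404s on `/SOGo?<string>.woa/WebServerResources/` by the injected string and looks for the `200` request to `/SOGo?<string>` that carries the same string. The sample lines, IP addresses and the `correlate`/`unexplained` names are constructed for illustration, and the nginx "combined" log format is assumed.

```python
import re
from collections import defaultdict

# nginx "combined" line: ip - user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Asset URL whose application name swallowed a query string:
#   /SOGo?<injected>.woa/WebServerResources/...
POISONED = re.compile(r'^/SOGo\?(.+?)\.woa/WebServerResources/')
# Request to the bare /SOGo root with a query string (trailing "/" tolerated).
SEED = re.compile(r'^/SOGo\?([^/]+?)/*$')

def correlate(lines):
    """Group poisoned-asset 404s by injected string and attach seed requests."""
    report = defaultdict(lambda: {"seeds": [], "poisoned_404": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, when, target, status = m.groups()
        hit = POISONED.match(target)
        if hit and status == "404":
            report[hit.group(1)]["poisoned_404"] += 1
        elif not hit:
            seed = SEED.match(target)
            if seed and status == "200":
                report[seed.group(1)]["seeds"].append((when, ip))
    return dict(report)

def unexplained(report):
    """Injected strings seen in 404s whose seed request is not in this log."""
    return sorted(q for q, r in report.items()
                  if r["poisoned_404"] and not r["seeds"])

# Constructed sample lines (documentation IPs), modelled on the thread's logs.
SAMPLE = [
    '192.0.2.10 - - [17/Jun/2023:23:34:19 +1000] "GET /SOGo?page=anything_else HTTP/1.1" 200 9431 "-" "UA"',
    '192.0.2.10 - - [17/Jun/2023:23:34:19 +1000] "GET /SOGo?page=anything_else.woa/WebServerResources/js/Main.js?lm=1 HTTP/1.1" 404 133 "-" "UA"',
    '192.0.2.10 - - [17/Jun/2023:23:34:19 +1000] "GET /SOGo?page=anything_else.woa/WebServerResources/img/sogo-full.svg?lm=1 HTTP/1.1" 404 141 "-" "UA"',
    '198.51.100.7 - - [17/Jun/2023:23:40:02 +1000] "GET /SOGo?lang=fr.woa/WebServerResources/js/vendor/lodash.min.js?lm=1 HTTP/1.1" 404 132 "-" "UA"',
    '198.51.100.7 - - [17/Jun/2023:23:40:02 +1000] "GET /SOGo.woa/WebServerResources/js/Common.js?lm=1 HTTP/1.1" 304 0 "-" "UA"',
]

if __name__ == "__main__":
    rep = correlate(SAMPLE)
    for injected, info in rep.items():
        print(injected, info)
    print("no seed in this log window:", unexplained(rep))
```

Strings returned by `unexplained` point at a seed request older than the log window (for example, before the last log rotation), which matches the reports above of clients receiving a string they never requested.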