So when a 'ws' request hits my django server on azure app service in logs it shows
2022-05-27T03:40:41.606708018Z Not Found: /tm/123
2022-05-27T03:40:41.608467127Z 169.254.130.1 - - [27/May/2022:03:40:41 +0000] "GET /tm/123 HTTP/1.1" 404 4190 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36"
So this may be due to daphne service is not on in my server environment
when I put a startup command for daphne it gives error
Related
I have an AWS-hosted web application that initiates a long-running server process (more than 10 mintues). An Nginx reverse proxy server sits between the application load balancer (ALB) and the service. Both the Nginx server and the service reside within separate Kubernetes pods running on an EC2 instance.
I'm experiencing an issue with a connection being closed. The Nginx logs show a HTTP 499 error:
(][05/Dec/2022:12:02:27 +0000] "POST -------------- HTTP/1.1" 499 0
"https://------------.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0
Safari/537.36")
The issue is repeatable and occurs exactly 10 minutes after the request was initiated. Despite my having set the ALB, Nginx, and SQL Alchemy timeouts to be much longer than 10 minutes, I suspect a timeout is occurring with a default value of 10 minutes, but I can't figure out where.
Nginx is the product I'm least familiar with and so I suspect that I have failed to make the necessary timeout configs in its conf file. I have set this:
proxy_read_timeout 20m;
Can anyone suggest where in the system the default timeout is occurring?
My flask chat application was working fine on localhost development server. But when i hosted my app on heroku nothing is working properly and i checked console to find lots of Bad Requests.
Both GET and POST requests are getting 400 errors.
"GET /socket.io/?EIO=3&transport=polling&t=1592543494128-64&sid=6740d63740c24f6ca6bd7234325a7c21 HTTP/1.1" 400 11 "https://flack-ma.herokuapp.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
"POST /socket.io/?EIO=3&transport=polling&t=1592543547379-72&sid=8eadd5ac2bcf4ff1a414d878aa506839 HTTP/1.1" 400 11 "https://flack-ma.herokuapp.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
App worked fine on localhost.
Deployment Link
Project Repo
I dont know whats wrong.
In our code:
app = Flask(name)
blueprint = Blueprint('api',name,url_prefix='/api')
api = Api(blueprint, doc='/doc/')
app.register_blueprint(blueprint)
From the log..it's not using the prefix...swaggerui is off root.
"GET /swaggerui/bower/swagger-ui/dist/fonts/DroidSans-Bold.ttf HTTP/1.1" 200 0
"http://10.99.72.221:5002/api/doc/" "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_10_5) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2
Safari/603.3.8"
It's causing issues for AWS Application Load Balancer, as the only route I can define is /api, since it's running inside a Docker container.
Is there a way to insert a path in front of /swaggerui?
I am running a Django application on AWS Elastic Beanstalk. I keep having alerts (for days now) because the following user agent constantly tries to access some pages: "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:55 +0000] "HEAD /pma/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:55 +0000] "HEAD /db/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:56 +0000] "HEAD /admin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:56 +0000] "HEAD /mysql/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:56 +0000] "HEAD /database/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:57 +0000] "HEAD /db/phpmyadmin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:57 +0000] "HEAD /db/phpMyAdmin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:57 +0000] "HEAD /sqlmanager/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:58 +0000] "HEAD /mysqlmanager/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:58 +0000] "HEAD /php-myadmin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:58 +0000] "HEAD /phpmy-admin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:59 +0000] "HEAD /mysqladmin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:59 +0000] "HEAD /mysql-admin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
[30/Jul/2017:13:55:59 +0000] "HEAD /admin/phpmyadmin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 Jorgee"
It used to return 404, but I managed to block it to 403 thanks to the following line in settings.py:
DISALLOWED_USER_AGENTS = (re.compile(r'Mozilla\/5.0 Jorgee'), )
Is there a way to simply block it from even getting to the Django level? Or a way to stop getting it written to the logs? It generates Health Check alerts :-/
You could create an AWS Web Application Firewall with a rule to reject traffic using that user agent string. Then attach the WAF to the Elastic Load Balancer in your Elastic Beanstalk environment.
Alternatively, you could create a rule in the reverse-proxy running on your Elastic Beanstalk EC2 instances to block that traffic before it gets to Django. I'm not sure if Django apps on EB default to using Apache or Nginx for the reverse proxy. You'd have to figure out which one you are using and then look up how to configure that to block traffic based on a user-agent string.
It's not clear to me how this traffic is causing health check alerts in your application. If it is spamming your app with so much traffic that your server becomes overloaded and unresponsive, then I would recommend using a WAF to block it so that your server(s) will never have to see the traffic at all.
You could use AWS WAF rules to block anything you want from there. Nevertheless I assume that you've created environment with Classic Load Balancer. Migration to the Application Load Balancer is not a pain indeed. And what it does is way more than Classic Load Balancer, with some chances for upgrade in the future. If you would consider moving out to the ALB (we did this long time ago, so every new environment has it), the there's easy way to block these things out, or just move them aside so they don't interrupt.
For us, the easiest approach was to define AWS WAF rule to have string condition matching the Host header against some defined domains we publish our sites with. If there's any request, that is not using this domain, it will get 403 and won't generate things like requests to the ELB are failing with 5xx on Elastic Beanstalk. If you take a closer look at logs on ELB level, these bots tend to use direct IP adresses, not DNS names, so it generates errors when accessing website with defined server_names in Nginx, for instance.
So thanks to this, we have clearer logs and there's no more health warning on EB environment, which was a standard before.
I described this case in details here https://www.mkubaczyk.com/2017/10/10/use-aws-waf-block-bots-jorgee-500-status-elastic-beanstalk if you need some guidance or screenshots.
Try to use ModSecurity , Where you can control your traffic to apache server
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0/master/rules
add user agent to be blocked to this file in your server
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/rules/crawlers-user-agents.data
I am trying to set up a web service on AWS Elastic Beanstalk, however whenever I submit a request to the server, it responds with a 404 error.
Is there a way to view a log of the traffic to my AWS server, so I can view whether or not requests are actually being submitted, and whether or not they are properly formed so I may potentially narrow down the origin of the problem?
Log for requests sent to the server can be found under:
/var/log/nginx/access.log
You can see a snippet of my log below:
-------------------------------------
/var/log/nginx/access.log
-------------------------------------
141.163.107.3 - - [25/Nov/2016:15:50:33 +0000] "GET / HTTP/1.1" 200 2111 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
141.163.107.3 - - [25/Nov/2016:15:51:01 +0000] "GET /HelloWorld HTTP/1.1" 404 490 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"