Forum
gateway timeout when authenticating to a drupal via hiawatha reverse proxy
Epe
28 April 2014, 05:17
well, another question:
today I compiled the rpm for centos-6 and Im testing it... and suddenly I started receiving 504 gateway timeout every time I tried to authenticate to ecualug.org. I found this in exploit.log
186.46.176.104|Sun 27 Apr 2014 22:04:23 -0500|ecualug.org|/|CSRF|name=epe&pass=reset&form_build_id=form-ZSxFhI2fYOTSA9KpdPYv5X9Hi3Y01RB-Ax21SoklpLY&form_id=user_login_block&op=Iniciar+sesi%C3%B3n
at first I tried to remove keep-alive from reverse-proxy, then to increase the timeout but it didn't work... then I removed PreventCSRF and everything went ok.. it is working ok as of now.
The configuration is:
Hiawatha version: 9.5
Operating System: CentOS-6
today I compiled the rpm for centos-6 and Im testing it... and suddenly I started receiving 504 gateway timeout every time I tried to authenticate to ecualug.org. I found this in exploit.log
186.46.176.104|Sun 27 Apr 2014 22:04:23 -0500|ecualug.org|/|CSRF|name=epe&pass=reset&form_build_id=form-ZSxFhI2fYOTSA9KpdPYv5X9Hi3Y01RB-Ax21SoklpLY&form_id=user_login_block&op=Iniciar+sesi%C3%B3n
at first I tried to remove keep-alive from reverse-proxy, then to increase the timeout but it didn't work... then I removed PreventCSRF and everything went ok.. it is working ok as of now.
The configuration is:
VirtualHost {
Hostname = ecualug.org, *.ecualug.org
UseToolkit = ecualug
WebsiteRoot = /var/www/ecualug
ReverseProxy .* http://127.0.0.1:80/ 15
PreventSQLi = yes
PreventXSS = yes
}
Hiawatha version: 9.5
Operating System: CentOS-6
Hugo Leisink
28 April 2014, 09:50
And the question is?
Epe
30 April 2014, 18:52
why removing "preventcsrf" made it work
Hugo Leisink
30 April 2014, 20:12
Do you have some sort of browser plugin installed to hide the HTTP Referer header?
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
