Configure ModSecurity to allow IP addresses as server name and [BUG] impossible to create a custom configuration on UI about bunkerweb HOT 20 CLOSED

Hi @weizhuangzhi, if you look at the Modsecurity logs you'll see that it doesn't like that you put an ip address as a SERVER_NAME. it is linked to this rule specifically ->

This is not a much of bug but more a misconfiguration. If you want to allow IP addresses as server names you should add an override to ignore this rule -> id:920350

SecRuleRemoveById 920350

PS: Here's the documentation part for custom configs (the type you're looking for is modsec-crs) -> https://docs.bunkerweb.io/testing/quickstart-guide/#custom-configurations

from bunkerweb.

@TheophileDiot thank you for your reply！

from bunkerweb.

Anytime !

from bunkerweb.

I changed IP access to domain name access, but files still cannot be added to SERVICE MANAGER. The page returns a 500 error, and no information is recorded in /var/log/bunkerweb/error.log.
Are there any other reasons for this problem?

from bunkerweb.

Interesting. Do you have logs with the UI maybe ? Else I'll check what could be the issue and let you know.

from bunkerweb.

@weizhuangzhi are you using Fedora Sever 38 like in the other issues as well ?

from bunkerweb.

Yes, they were all tested in the same environment
I don't know much about python. Is there a way to display the detailed error message of 500? I can continue to test it, or do I need to provide other information?

from bunkerweb.

Don't worry @weizhuangzhi, I'll test it myself and let you know
If you want more logs with the UI you'll need to use the dev environment instead of the prod one by editing this line in the file /usr/share/bunkerweb/scripts/bunkerweb-ui.sh -->

from bunkerweb.

OK，thanks
I just removed 500 in /etc/bunkerweb/variables.env config
bunker6.tt_INTERCEPTED_ERROR_CODES=400 404 405 413 429 501 502 503 504

I got a "Redirecting..." page
Redirecting...
You should be redirected automatically to the target URL: /manage/loading?next=/manage/configs. If not, click the link.

I cleared all five files in the /var/log/bunkerweb directory. After adding the files, there are only two access logs in the access.log and ui-access.log files, and there are no records in other files.

from bunkerweb.

@weizhuangzhi, does the command journalctl -u bunkerweb-ui --no-pager gives you anything ?

from bunkerweb.

9月 08 14:21:27 fedora38 bunkerweb-ui.sh[4052]: [2023-09-08 14:21:27] - main - ℹ️  - Database connection established
9月 08 14:21:27 fedora38 bunkerweb-ui.sh[4052]: [2023-09-08 14:21:27] - main - ℹ️  - Database is ready
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Save config started ...
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Settings : /usr/share/bunkerweb/settings.json
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Core : /usr/share/bunkerweb/core
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Plugins : /etc/bunkerweb/plugins
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Init : False
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Checking arguments ...
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Variables : /tmp/1b230bfd-14bf-4ceb-aa18-503725121faa.env
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Computing config ...
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Database connection established
9月 08 14:28:20 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:20] - GENERATOR - ℹ️  - Database is already initialized, skipping ...
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Config successfully saved to database
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4219]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Config saver successfully executed !
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Save config started ...
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Settings : /usr/share/bunkerweb/settings.json
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Core : /usr/share/bunkerweb/core
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Plugins : /etc/bunkerweb/plugins
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Init : False
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Checking arguments ...
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Variables : /tmp/e4e1d96a-36c4-462f-b87a-1785073f453b.env
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Computing config ...
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Database connection established
9月 08 14:28:21 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:21] - GENERATOR - ℹ️  - Database is already initialized, skipping ...
9月 08 14:28:22 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:22] - GENERATOR - ℹ️  - Config successfully saved to database
9月 08 14:28:22 fedora38 bunkerweb-ui.sh[4252]: [2023-09-08 14:28:22] - GENERATOR - ℹ️  - Config saver successfully executed !

from bunkerweb.

Interesting, and you managed to reproduce your error ?

from bunkerweb.

Tried it again, still the same error.
There are no new entries in the journalctl log.

from bunkerweb.

Weird, I'm currently building a .deb file to test it myself, thank you for the help 😁

from bunkerweb.

I'm missing something:
When the 500 page appears, return to the previous page on the browser and you will see a message in the Messages of the Web UI:

Error
/etc/bunkerweb/configs/http/ doesn't exist

This directory does not exist. The /etc/bunkerweb/configs directory is empty after default installation. I hope this will help you.

from bunkerweb.

Thank you 🙏

from bunkerweb.

I think it's a mix between permissions issues and missing folders, try creating the folders manually and executing the commands :

sudo chown -R nginx:nginx /etc/bunkerweb/
sudo chmod -R 770 /etc/bunkerweb/```

from bunkerweb.

Just tested it and that did the trick, it'll be automatically fixed in the next version, thanks again for this issue.

from bunkerweb.

There has been some progress on this issue.
sudo chown -R nginx:nginx /etc/bunkerweb/
sudo chmod -R 770 /etc/bunkerweb/
Still the same error after performing the operation
I manually created the /etc/bunkerweb/configs/http/bunker6.tt/ folder and granted permissions again, and finally I can write files!

from bunkerweb.

Hey @weizhuangzhi,

It should be fixed in the last 1.5.2 version. Feel free to open a new issue if needed.

from bunkerweb.