Express.js恶意路径中间件错误403

时间:2013-12-04 22:02:05

标签: javascript node.js express middleware

当我向我的服务器发出请求时,我收到此错误,但仅在我的生产服务器上(尚未正式上线)出现——我的 staging(预发布)服务器工作正常。两者都是 AWS 上的 Ubuntu 机器。

查看堆栈跟踪,错误的来源是一个 URL 为“../../css”的 HTTP 请求,它被 send.js 第 145 行和第 310 行判定为恶意路径,导致服务器崩溃。但是,我在自己的代码库中搜索(grep)之后,并没有找到任何 '../../css'。

我真的很感激任何人可以提供的任何帮助或见解,因为我发现的唯一类似的SO问题帮助我诊断了恶意路径问题,但没有帮助我理解../../css来自哪里:

403 / Forbidden on favicon with NodeJS / Express

谢谢!

{
   "date":"Wed Nov 20 2013 04:16:30 GMT+0000 (UTC)",
   "process":{
      "pid":10842,
      "uid":0,
      "gid":0,
      "cwd":"/home/ubuntu/developer-getlocket",
      "execPath":"/usr/bin/nodejs",
      "version":"v0.10.21",
      "argv":[
         "nodejs",
         "/home/ubuntu/developer-getlocket/app.js"
      ],

      "memoryUsage":{
         "rss":89632768,
         "heapTotal":63371520,
         "heapUsed":30075536
      }
   },

   "os":{
      "loadavg":[
         0.0029296875,
         0.0146484375,
         0.04541015625
      ],

      "uptime":2938975.002619042
   },

   "trace":[
      {
         "column":16,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js",
         "function":"SendStream.error",
         "line":145,
         "method":"error",
         "native":false
      },

      {
         "column":52,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js",
         "function":"SendStream.pipe",
         "line":310,
         "method":"pipe",
         "native":false
      },

      {
         "column":8,
         "file":"[as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/static.js",
         "function":"Object.staticMiddleware",
         "line":84,
         "method":"staticMiddleware",
         "native":false
      },

      {
         "column":15,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
         "function":"next",
         "line":190,
         "method":null,
         "native":false
      },

      {
         "column":5,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js",
         "function":"Object.logger",
         "line":156,
         "method":"logger",
         "native":false
      },

      {
         "column":15,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
         "function":"next",
         "line":190,
         "method":null,
         "native":false
      },

      {
         "column":7,
         "file":"[as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/favicon.js",
         "function":"Object.favicon",
         "line":77,
         "method":"favicon",
         "native":false
      },

      {
         "column":15,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
         "function":"next",
         "line":190,
         "method":null,
         "native":false
      },

      {
         "column":5,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js",
         "function":"Object.logger",
         "line":156,
         "method":"logger",
         "native":false
      },

      {
         "column":15,
         "file":"/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js",
         "function":"next",
         "line":190,
         "method":null,
         "native":false
      }
   ],

   "stack":[
      "Error: Forbidden",
      "    at SendStream.error (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js:145:16)",
      "    at SendStream.pipe (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/send/lib/send.js:310:52)",
      "    at Object.staticMiddleware [as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/static.js:84:8)",
      "    at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)",
      "    at Object.logger (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js:156:5)",
      "    at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)",
      "    at Object.favicon [as handle] (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/favicon.js:77:7)",
      "    at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)",
      "    at Object.logger (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/middleware/logger.js:156:5)",
      "    at next (/home/ubuntu/developer-getlocket/node_modules/express/node_modules/connect/lib/proto.js:190:15)"
   ],

   "req":{
      "url":"/../../css",
      "headers":{
         "host":"developers.getlocket.com",
         "accept-encoding":"gzip, deflate",
         "accept":"*/*",
         "cookie":"connect.sid=s%3A9_PUj6XZqF8HKRCoTqHPT5cJ.V2cxTaxk5sLlsNtAMByR7JpvtvwbuebOMZ6IgoEQLgI",
         "connection":"keep-alive",
         "accept-language":"en-us",
         "user-agent":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7"
      },

      "method":"GET",
      "httpVersion":"1.1",
      "originalUrl":"/../../css",
      "query":{

      }
   },

   "level":"error",
   "message":"middlewareError",
   "timestamp":"2013-11-20T04:16:30.958Z"
}

1 个答案:

答案 0 :(得分:0)

我没有找出根本原因,但通过删除 node_modules 目录并重新安装依赖解决了这个问题。