[Bug]
Discussion Closed
Published 2 months ago
# Github Issue
Published 2 months ago
violetmoon027
Updated 2 months ago
0
What happened?
拦截场景实现步骤
1. 使用docker-compose 部署alist1version: '3' 2services: 3 alist: 4 container_name: alist 5 ports: 6 - '5244:5244' 7 environment: 8 - PUID=0 9 - PGID=0 10 - UMASK=022 11 image: 'xhofe/alist:latest'
- 部署雷池7.6.3版本
- 在雷池配置alist站点,同时需要注意不要开启全局配置中的http2.0[alist的stream上传使用的是http1.X的长连接,http2不兼容]
- 进入alist后台进行上传文件,同时观察nginx的error日志,上传大小超过配置会有类似如下的告警,持续上传到前端显示文件上传完成会出现第二行的 104 连接被重置的错误
12025/02/14 16:29:46 [warn] 31#0: *168 an upstream response is buffered to a temporary file /usr/local/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: XXX, server: XXX, request: "GET /assets/Markdown.0a8d8dc5.js HTTP/1.1", upstream: "http://10.0.16.3:5244/assets/Markdown.0a8d8dc5.js", host: "XXX" 22025/02/14 16:32:13 [error] 32#0: *172 readv() failed (104: Connection reset by peer) while reading upstream, client: XXX, server: XXX, request: "PUT /api/fs/put HTTP/1.1", upstream: "http://unix:/app/sock/tcd_error.sock:/.safeline/forbidden_page", host: "XXX", referrer: "XXX"
- 切换到雷池后台的攻击日志中可以看到类似如图的信息:
- 切换雷池的网站设置为观察模式
- 再次上传文件就会可以上传成功
How we reproduce?
- ...
- ...
- ...
Expected behavior
No response
Error log
No response
maosite
Admin
Updated 2 months ago
0
Please use English to discuss in the github issue area. For Chinese discussion, please go to https://rivers.chaitin.cn/discussion