[#140] - Non-PHP items being caught by routing system
- Closed
- 16 Jun 2015
- Medium
- Build: master
- # 140
So obviously we have some sort of bug in the .htaccess or something I don't quite understand, but there's a funny issue where the www/index.php file is getting triggered, triggering the application, on site assets and things that shouldn't go through the app. In the error log, there's messages like Unable to handle request for route 'images/avatars/cedricwalter.png' and Unable to handle request for route 'robots.txt' (and yes, this means we need to add a robots.txt file sooner than later).
Anyone care to take a crack at it?
A non-existent image file will do it.
On Saturday, November 2, 2013, Dmitry Rekun wrote:
@mbabker https://github.com/mbabker strange, but I do not have such
errors. Can you tell me how to reproduce?—
Reply to this email directly or view it on GitHub#140 (comment)
.
Interesting I removed my avatar and just have
2013/11/02 20:32:44 [error] 2549#0: 715610 open() "/home/j-esports/domains/tracker.j-esports.com/public_html/images/avatars/b2z.png" failed (2: No such file or directory), client: 8.2**.***.175, server: www.tracker.j-esports.com, request: "GET /images/avatars/b2z.png HTTP/1.1", host: "tracker.j-esports.com", referrer: "http://tracker.j-esports.com/user/1"
May be that is because I am running Nginx as a proxy for Apache?
Good question. I know our server is apache and our custom error.log picks
up these messages.
On Saturday, November 2, 2013, Dmitry Rekun wrote:
Interesting I removed my avatar and just have
2013/11/02 20:32:44 [error] 2549#0: 715610 open()
"/home/j-esports/domains/tracker.j-esports.com/public_html/images/avatars/b2z.png
http://tracker.j-esports.com/public_html/images/avatars/b2z.png" failed
(2: No such file or directory), client: 8.2**.***.175, server:
www.tracker.j-esports.com, request: "GET /images/avatars/b2z.png
HTTP/1.1", host: "tracker.j-esports.com", referrer: "
http://tracker.j-esports.com/user/1"May be that is because I am running Nginx as a proxy for Apache?
—
Reply to this email directly or view it on GitHub#140 (comment)
.
Well need to test it on localhost then or on VM.
Still can't reproduce this on local machine as well as on VM. I have deleted /flags/en.gif - error.log is clean...
Could it be that it is only our highly advanced routing system that we just don't understand yet ? ...
I mean:
-
index.phpgives me a routing error.
That would preventindex.php?your_param=my_hackor similar.. -
robots.txtdisplays the robots.txt -
foo.txtends up in a routing error as well as any non existent image.
Sure it does look strange in the error log.
In the end I would "sell" it as a security feature rather than a bug 
I can't replicate this either. Is it still an issue?
Yep, just not something too high on the priority list.
[2013-11-28 10:04:42] JTracker.ERROR: 404 Bad Route {"message":"Unable to handle request for routefoo.txt."} {"url":"/foo.txt","ip":"X.X.X.X","http_method":"GET","server":"issues.joomla.org","referrer":"NULL"}
Yep, just look at the error log.
Can you paste some last lines from it again plz ;)
One example:
[2014-08-30 02:47:06] JTracker.ERROR: 404 Bad Route [] {"url":"/images/avatars/joomla-jenkins.png","ip":"X.X.X.X","http_method":"GET","server":"issues.joomla.org","referrer":"http://issues.joomla.org/project/joomla-cms/stats","unique_id":"VAGBeUgdfEwAAEAsVUoAAAAL"}
Those are funny:
JTracker.ERROR: 404 Bad Route {"message":"Unable to handle request for route `administrator/index.php`."}
I'd still call it a feature 
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2015-06-16 13:49:28 |
| Closed_By | ⇒ | mbabker | |
| Build | ⇒ | master |
I will look into it though I am not a pro in .htaccess and server side configuration :)