
So I recently set up GitLab on my server, and I use the Kemp load balancer to reverse proxy and also manage other rules and stuff. Today I noticed that the web IDE wasn't working, and after looking at the logs and doing some research I found out that the reason for this is that Kemp is decoding slashes that it shouldn't be decoding in the first place. I was wondering if it's possible for me to bypass URL decoding, either in all the URLs or in certain ones, to avoid this problem.

Right URL: https://example.domain.com/api/v4/projects/qcast%2Fqcast-vosk-stt

Wrong URL (Decoded by Kemp): https://example.domain.com/api/v4/projects/qcast/qcast-vosk-stt

The wrong URL results in a 404 in GitLab, since it doesn't recognize the URL because the %2F can't be decoded into a slash.

The logs:

```
2021-11-01T14:58:35+00:00 Kemp kernel: Detect: Invalid URL [00.00.00.00:51554->10.1.10.10:443] '/api/v4/projects/qcast/qcast-vosk-stt' - Invalid URL specification (sid:0 rev:0)
2021-11-01T14:58:35+00:00 Kemp kernel: Detect: Invalid URL [00.00.00.00:51632->10.1.10.10:443] '/api/v4/projects/qcast/qcast-vosk-stt' - Invalid URL specification (sid:0 rev:0)
2021-11-01T14:58:35+00:00 Kemp kernel: Detect: Invalid URL [00.00.00.00:58300->10.1.10.10:443] '/api/v4/projects/qcast/qcast-vosk-stt' - Invalid URL specification (sid:0 rev:0)
```

Can I fix this with content rules or some other way?

Update: I found out that the problem was being caused by this option: [screenshot of the option]

I disabled it temporarily for a quick fix, but this should give some hints for helping me disable this rule for only a couple of URLs or patterns.

PS: The problem is not solved. I only included the temporary fix to help someone with more knowledge help me find out how I can fix this without disabling this sort of protection.

DeadSec
  • if this issue is solved, please add an answer and accept it – djdomi Nov 01 '21 at 16:19
  • @djdomi It's not solved, I just found a temporary solution and added it to the post, so if anyone knows anything about rules in that option they could help me solve the issue. – DeadSec Nov 01 '21 at 16:31
  • then update the question so it doesn't sound like it's solved. – djdomi Nov 01 '21 at 16:32
  • @djdomi added, sorry if I made it sound like it was fixed – DeadSec Nov 01 '21 at 16:37
  • but if it fixes the problem then imho it's resolved? – djdomi Nov 01 '21 at 16:57
  • @djdomi Kinda, cuz even though it solves my problem, that disables protection against known attacks, which I would rather not disable in the whole service. – DeadSec Nov 01 '21 at 17:09
  • since kemp is mostly not known to me, maybe this article might help you out: https://support.kemptechnologies.com/hc/en-us/community/posts/206343176-Kemp-Load-Balancer-html-rewrite – djdomi Nov 01 '21 at 17:15
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/131042/discussion-between-djdomi-and-deadsec). – djdomi Nov 01 '21 at 17:15
  • You've posted this twice: https://superuser.com/questions/1684978/disable-url-decoding-in-certain-urls-kemp-load-balancer – Doug Deden Nov 01 '21 at 20:14
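
The mismatch described in the question can be reproduced offline. The following is an added example, not code from the original post, Kemp or GitLab: it shows why decoding `%2F` before the path is split changes the segment count, reports which escapes were decoded between the sent and forwarded paths, and extracts the rejected path from the quoted log lines. The function names are hypothetical and the log pattern is inferred only from the three lines in the question.

```python
import re
from urllib.parse import unquote

# Both paths and the log line are copied from the question above.
SENT = "/api/v4/projects/qcast%2Fqcast-vosk-stt"
FORWARDED = "/api/v4/projects/qcast/qcast-vosk-stt"
LOG_LINE = ("2021-11-01T14:58:35+00:00 Kemp kernel: Detect: Invalid URL "
            "[00.00.00.00:51554->10.1.10.10:443] "
            "'/api/v4/projects/qcast/qcast-vosk-stt' - Invalid URL specification (sid:0 rev:0)")

# Assumption: pattern inferred only from the log lines quoted in the question.
LOG_RE = re.compile(r"Detect: Invalid URL \[(?P<src>[^\]]+?)->(?P<dst>[^\]]+)\] '(?P<path>[^']*)'")

def segments(raw_path):
    """Split on literal '/' first, then percent-decode each segment."""
    return [unquote(s) for s in raw_path.split("/") if s]

def decoded_in_transit(sent, forwarded):
    """List the %XX escapes in `sent` that appear as literal characters in `forwarded`.
    Handles single-byte (ASCII) escapes; any other difference raises ValueError."""
    found, i, j = [], 0, 0
    while i < len(sent) and j < len(forwarded):
        esc = sent[i:i + 3]
        if re.fullmatch(r"%[0-9A-Fa-f]{2}", esc) and esc != forwarded[j:j + 3]:
            if unquote(esc) != forwarded[j]:
                raise ValueError("paths differ by more than percent-decoding")
            found.append(esc.upper())
            i, j = i + 3, j + 1
        elif sent[i] == forwarded[j]:
            i, j = i + 1, j + 1
        else:
            raise ValueError("paths differ by more than percent-decoding")
    if i != len(sent) or j != len(forwarded):
        raise ValueError("paths differ in length after alignment")
    return found

def flagged_paths(lines):
    """Extract (source, destination, path) from 'Invalid URL' log lines."""
    return [(m["src"], m["dst"], m["path"]) for m in map(LOG_RE.search, lines) if m]

if __name__ == "__main__":
    print(segments(SENT))        # project id stays one segment
    print(segments(FORWARDED))   # project id is split into two segments
    print(decoded_in_transit(SENT, FORWARDED))
    print(flagged_paths([LOG_LINE]))
```

Running `decoded_in_transit` against the path a client sent and the path the backend logged confirms whether an intermediary is decoding reserved characters, which helps when narrowing an exemption to specific URL patterns.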
