Learn about Centmin Mod LEMP Stack today
Register Now

Xenforo Strange redirection and query stripping

Discussion in 'Forum software usage' started by Rake-GH, Mar 6, 2020.

  1. Rake-GH

    Rake-GH Active Member

    101
    40
    28
    Jul 29, 2019
    USA
    Ratings:
    +67
    Local Time:
    4:07 AM
    default
    default
    I have two issues. I've got Xenforo 2 running on CMM.

    I'm using friendly urls with the default setup defined by Xenforo for the friendly URLs on nginx:

    Code:
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass    127.0.0.1:9000;
            fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include         fastcgi_params;
        }
    I have disabled the XF redirect addon because it doesn't work on nginx and they refuse to support it, after 6 months of begging them to fix it I've given up.

    Xenforo support told me they do not provide support for nginx servers.

    1) Strange redirection. I get about 400 of these errors every day

    Code:
    2020/03/05 18:07:45 [error] 1895#1895: *197 open()
    "/home/nginx/domains/mydomain.com/public/threads/advertise.12108/styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png" failed (2: No such file or directory)
    request:
    "GET /threads/advertise.12108/styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png HTTP/1.1"
    When they request /threads/advertise.12108

    the file is located at
    /styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png

    What is causing it to append this to the end of the current friendly url?

    I also get other weird redirects where it redirects to domain.com//

    2) Xenforo told me the addon doesn't work on my server because my server is "stripping querie strings". I had another issue with another addon from ThemeHouse and they told me it's not working because my server is "stripping querie strings".

    So that's two groups telling me my server is stripping querie strings, how to I debug this issue? I have no idea what to do or what to investigate regarding this
     
  2. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    6:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Like Like x 1
  3. Rake-GH

    Rake-GH Active Member

    101
    40
    28
    Jul 29, 2019
    USA
    Ratings:
    +67
    Local Time:
    4:07 AM
    default
    default
    Unfortunately neither issue is resolved by fixing that redundancy, but thank you
     
  4. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    6:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    those don't look like 400 errors not 404 errors not found urls. Check your stylesheet references in your theme/style are referenced correctly as some styles could have stylesheet/image references absolutely or relatively referenced.

    There's a difference in referencing link in html as

    Code (Text):
    /styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png

    versus
    Code (Text):
    styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png

    notice later missing starting forward slash /
     
  5. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    6:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Centmin Mod doesn't string query strings out of the box so wouldn't be related. What are some example query strings ? and output from their curl header checks like
    Code (Text):
    curl -I https://yourdomain.com/?yourquerystring
     
  6. Rake-GH

    Rake-GH Active Member

    101
    40
    28
    Jul 29, 2019
    USA
    Ratings:
    +67
    Local Time:
    4:07 AM
    default
    default
    I figured out last night that Xenforo and Themehouse are full of shit, they are blaming my server for a problem with their software. It's not stripping queries, their software just doesn't work correctly.
     
  7. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    6:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Xenforo should work fine. Sounds like probably theme/style specific issues ? Tried browsing using Xenforo default theme to see if all theme style css and images are working properly ?
     
  8. Rake-GH

    Rake-GH Active Member

    101
    40
    28
    Jul 29, 2019
    USA
    Ratings:
    +67
    Local Time:
    4:07 AM
    default
    default
    /admin.php?reactions/

    they were all listed as

    'styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png'
     
  9. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    6:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    no problems here on my private test XF 2.1.7 forum for that /admin.php?reactions/ url listing emojis and browser dev tools network tab shows valid work HTTP 200 status for /styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png
     
    • Agree Agree x 1
  10. Rake-GH

    Rake-GH Active Member

    101
    40
    28
    Jul 29, 2019
    USA
    Ratings:
    +67
    Local Time:
    4:07 AM
    default
    default
    I just don't understand why I'm getting ~400 of these errors everyday yet the site renders fine. it's not like I get the error everytime I refresh the page, it's like one in 100 visits triggers the error

    and just to clarify, there is no error in the browser, only in the error log
     
  11. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    6:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Simplistic explanation is you have a incorrect hyperlink url reference to yourdomain.com/threads/advertise.12108/styles/default/xenforo/reactions/emojione/sprite_sheet_emojione.png

    which someone is accessing. You can't prevent folks from trying to access invalid urls. And folks can also be bots/crawlers etc

    For example, I just blocked off an attack for xenforo /add-reply POST requests with query strings like /add-reply?
    jTMet=uPHF4gMvL00Sq&vkSrOY=qiSMHAjTw&pgsPHFuCx=4qoWgXBXd4xawus5bkY&IXX=vLvxE0IVQfUEjJM&GxrfnJhgu=VSvsvqn0Om with 10,000+ requests !
     
  12. Rake-GH

    Rake-GH Active Member

    101
    40
    28
    Jul 29, 2019
    USA
    Ratings:
    +67
    Local Time:
    4:07 AM
    default
    default
    Everyone is just telling me to ignore these 400 errors per day so I guess that's what I'm gonna do because I can't seem to stop it. My server doesn't generate these references anywhere. I thought it was an issue with the try_files directive but who knows. I already wasted too much time on this. Thank you for your assistance.
     
  13. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    6:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    You might want to clarify which HTTP status code you are getting 404 not found is not same as 400 bad request. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

    If you get 404 not found, they can be normal as you can't stop visitors trying to visit an invalid or non-existing file which will trigger a 404 not found. On other hand 400 bad request can be problematic and would require investigating.
     
  14. Rake-GH

    Rake-GH Active Member

    101
    40
    28
    Jul 29, 2019
    USA
    Ratings:
    +67
    Local Time:
    4:07 AM
    default
    default
    Just FYI these are not http errors, they are nginx errors, they have no effect on browsing, they are only server side errors, all the http requests work fine and the site works perfectly.

    I gave up on this, I'm just gonna ignore it like everyone told me to