Failing preview generation results in 404 instead of original image #6755

Open
max-nextcloud opened this issue Dec 8, 2024 · 6 comments
Labels: 1. to develop, bug, good first issue, php

@max-nextcloud
Collaborator

Describe the bug
We had some traces in Sentry:

Image

Image

Since we don't catch these, they will be caught at the controller level, which then sends a 404.
We should return the raw image instead. In the case of the trace here it was a PNG and could have been served fine.

Server details:
cloud.nextcloud.com from 30.0.1.1 to 30.0.2.2 - probably longer.

@max-nextcloud added the bug, good first issue, 1. to develop and php labels on Dec 8, 2024
@bootlesshacker

Just saw this issue too on 30.0.2. This would be a useful fix given it can trigger firewalls to engage at quantity of HTTP errors.

@max-nextcloud
Collaborator Author

@bootlesshacker To be frank I think the risk is fairly minimal. It will be pretty rare to see more than say 10 files on a page that exhibit this behavior and I doubt firewalls will kick in after 10 404s.

Did you observe such behavior in the past or can you trigger it if you try?

@juliusknorr
Member

Would agree, a 404 is not a response code I would expect any firewall to start acting on.

Generally speaking a 404 is the expected response on the server preview endpoint as well.

@bootlesshacker

> @bootlesshacker To be frank I think the risk is fairly minimal. It will be pretty rare to see more than say 10 files on a page that exhibit this behavior and I doubt firewalls will kick in after 10 404s.
>
> Did you observe such behavior in the past or can you trigger it if you try?

It triggered over 100 404s in 60 seconds from a single IP address, which did indeed cause a small temporary block in this instance, which is how I came to learn of the issue. Can you let me know specifically what condition we would expect these 404s to generate?

@juliusknorr Respectfully, you may not expect it, but it is not an uncommon setup for people to filter out web bots / enumeration.

@juliusknorr
Member

That certainly sounds like too much indeed. We should both return the image if available and probably not send that many requests at once. I was only arguing that the 404 status code itself is nothing unexpected from the Nextcloud perspective, so if that alone is causing larger blocking it might be worth reconsidering those specific blocking rules.

@bootlesshacker

Thank you. I've amended the rule in the interim and lifted the threshold. I'm comfortable it doesn't normally trigger until this issue, but I'll see if I can amend it for now to exclude certain Nextcloud endpoints where a 404 is potentially expected.
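
Added example, not part of the thread or of the Nextcloud code base: a sliding-window 404 counter of the kind discussed above (more than 100 404s in 60 seconds from one IP), with an exclusion list for endpoints where a 404 is expected. The log format, the path prefixes and the sample lines are constructed assumptions; take the real prefixes from your own access log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions: window and threshold mirror the "over 100 404s in 60 seconds"
# report in the thread; the path prefixes are hypothetical placeholders.
WINDOW = timedelta(seconds=60)
THRESHOLD = 100
EXPECTED_404_PREFIXES = ("/apps/text/image", "/core/preview")

def parse(line):
    """Parse a constructed 'ISO-timestamp ip status path' log line."""
    ts, ip, status, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), ip, int(status), path

def blocked_ips(lines, exclude=EXPECTED_404_PREFIXES):
    """Return the IPs that exceed THRESHOLD counted 404s within WINDOW."""
    recent = defaultdict(deque)  # ip -> timestamps of counted 404s
    blocked = set()
    for line in lines:
        ts, ip, status, path = parse(line)
        if status != 404 or path.startswith(exclude):
            continue  # not a 404, or a 404 on an endpoint where it is expected
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()  # drop hits that fell out of the window
        if len(q) > THRESHOLD:
            blocked.add(ip)
    return blocked

def sample_log():
    """Constructed sample: one client with failing previews, one path scanner."""
    base = datetime(2024, 12, 8, 12, 0, 0)
    lines = []
    for i in range(120):
        t = (base + timedelta(milliseconds=400 * i)).isoformat()
        lines.append(f"{t} 198.51.100.7 404 /apps/text/image?file=img{i}.png")
        lines.append(f"{t} 203.0.113.9 404 /nonexistent-{i}.php")
    return lines

if __name__ == "__main__":
    print("with exclusions:   ", sorted(blocked_ips(sample_log())))
    print("without exclusions:", sorted(blocked_ips(sample_log(), exclude=())))
```

Excluded prefixes are not counted at all in this sketch; a rule that still wants some protection on those paths can give them a separate, higher threshold instead.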
