Bug #84098

403 forbidden error on trying to access 404 page

Added by Ricky Mathew about 2 years ago. Updated 5 months ago.

Status:
Needs Feedback
Priority:
Must have
Assignee:
-
Category:
Link Handling, Site Handling & Routing
Target version:
-
Start date:
Due date:
% Done:

0%

TYPO3 Version:
8
PHP Version:
7.1
Tags:
404,frontend,http,guzzle,psr
Complexity:
Is Regression:
Sprint Focus:

Description

I have a system with the following pagenotfound configurations.

'pageNotFoundOnCHashError' => '0',
'pageNotFound_handling' => '/404',
'pageNotFound_handling_statheader' => 'HTTP/1.0 404 Not Found',

But on having an invalid url ,it fails to redirect to the 404 error page and instead throws the following exception.

Uncaught TYPO3 Exception
#1509296606: Failed to fetch error page "https://example.dev/404", reason: Client error: `GET http://example.dev/404` resulted in a `403 Forbidden` response: <!DOCTYPE html> <html lang="fr"> <head> <meta charset="utf-8"> <!-- This website is powered by TYPO3 - inspiring people (truncated...) (More information)

RuntimeException thrown in file
/var/www/example/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php in line 2053.

17 TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::pageErrorHandler("http://example.dev/404", "HTTP/1.0 404 Not Found", "Segment "testurl" was not a keyword for a postVarSet as expected on page with id=4.").

On debugging i found that there is a report generation for http requests from typo3 8.7.9 onwards which the following line of code(/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php) indicates.

$report = [];
$res = GeneralUtility::getUrl($code, 1, $headerArr, $report);

if ((int)$report['error'] !== 0 && (int)$report['error'] !== 200) {
    throw new \RuntimeException('Failed to fetch error page "' . $code . '", reason: ' . $report['message'], 1509296606);
}

on commenting out statements inside the 'if' condition, everything works fine.I wonder if there is any need for these additional line of code(which wasn't there in Typo3 8.7.8) as it directly throwing out an exception instead of writing it into a log.

Can you guys give any further insight on this?.Thanks in advance.


Related issues

Duplicated by TYPO3 Core - Bug #84548: error when installing a 404 error page Closed 2018-03-28

History

#1 Updated by Stephan Großberndt about 2 years ago

  • Due date deleted (2018-03-07)
  • Category changed from Frontend to Link Handling, Site Handling & Routing
  • Status changed from New to Needs Feedback
  • Target version deleted (Candidate for patchlevel)
  • Start date deleted (2018-03-01)
  • Complexity deleted (medium)

With the error message "Segment "testurl" was not a keyword for a postVarSet as expected on page with id=4." this is likely a configuration problem in EXT:realurl, not in the TYPO3 core.

Is there an accessible HTML file named "404" in the webroot?

#2 Updated by Ricky Mathew about 2 years ago

Stephan Großberndt wrote:

With the error message "Segment "testurl" was not a keyword for a postVarSet as expected on page with id=4." this is likely a configuration problem in EXT:realurl, not in the TYPO3 core.

Is there an accessible HTML file named "404" in the webroot?

There is no such configuration problem in realurl. There is page named 404 in webroot. And this works fine with Typo3 8.7.8.The problem is with typo3 8.7.9 onwards.

#3 Updated by Ricky Mathew about 2 years ago

  • Status changed from Needs Feedback to New

#4 Updated by Tymoteusz Motylewski about 2 years ago

can you please check if the issue still exists in v8.7.12 ?
AFAIK there were some changes in the getURL method in the last releases.

#5 Updated by Tymoteusz Motylewski about 2 years ago

  • Duplicated by Bug #84548: error when installing a 404 error page added

#6 Updated by Markus Dübbert about 2 years ago

this still exists in 8.7.12

#1509296606: Failed to fetch error page "http://server.de/404", reason: Client error: `GET http://server.de/404` resulted in a `401 Unauthorized` response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauth (truncated...) (More information)

RuntimeException thrown in file
/var/www/adfc/vendor/typo3/cms/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php in line 2053.

#7 Updated by André Stafast about 2 years ago

Markus Dübbert wrote:

this still exists in 8.7.12

In v8.7.13 too (same error message)

#8 Updated by Toni Weiler almost 2 years ago

I get the same error in version 8.7.16 but with an '503 Service unavailable' error instead of 403.

Uncaught TYPO3 Exception: #1509296606: Failed to fetch error page "https://www.domain.com/404/", reason: Server error: `GET https://www.domain.com/404/` resulted in a `503 Service unavailable` response

The error occurs only a few times a day, and I'm not able to reproduce it when I open the Requested URL: https://www.domain.com/apple_touch_icon.png in the browser.

#9 Updated by Markus Klein almost 2 years ago

  • Status changed from New to Needs Feedback

Please every reporter clarify:

- What is your pageNotFound_handling value?
- What is the resource you are referring to with the above setting? A static HTML file or a TYPO3 page again?

#10 Updated by André Stafast almost 2 years ago

Markus Klein wrote:

- What is your pageNotFound_handling value?

[FE][pageNotFound_handling] = index.php?id=503
I also tested with backslash „/index.php?id=503“

- What is the resource you are referring to with the above setting? A static HTML file or a TYPO3 page again?

A regular TYPO3 page

#11 Updated by Ricky Mathew almost 2 years ago

Markus Klein wrote:

Please every reporter clarify:

- What is your pageNotFound_handling value?

USER_FUNCTION:typo3conf/pageNotFoundHandling.php:user_pageNotFound->pageNotFound

- What is the resource you are referring to with the above setting? A static HTML file or a TYPO3 page again?

user function is as follows :

  class user_pageNotFound {
  function pageNotFound($params,$tsfeObj) {
    $url = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL').'index.php?id='.$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['realurl'][\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('HTTP_HOST')]['pagePath']['error404_id'];
    $_buffer = \TYPO3\CMS\Core\Utility\GeneralUtility::getUrl($url);
    echo $_buffer;
  }
}

#12 Updated by Robert Hafenried almost 2 years ago

TYPO3 8.7.17
[FE][pageNotFound_handling] = 404.html
[FE][pageNotFoundOnCHashError] = true
[FE][pageNotFound_handling_statheader] = HTTP/1.0 404 Not Found

I get the error only when I try to use the crawler extension for indexing my pages. In all other cases the error page is found without any problems.

Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1509296606: Failed to fetch error page "https://www.mydomain.org/typo3/404.html", reason: Client error: `GET https://www.mydomain.org/typo3/404.html` resulted in a `404 Not Found` response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"> <html> <head> <meta http-equiv="Content-Type" content="text (truncated...) | RuntimeException thrown in file /html/typo3/typo3_src-8.7.17/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php in line 2054. Requested URL: https://www.mydomain.org/typo3/index.php?M=web_info&moduleToken=--AnonymizedToken--&qid_read=14588&setID=0&id=1

#13 Updated by Riccardo De Contardi over 1 year ago

  • Status changed from Needs Feedback to New

#14 Updated by Susanne Moog over 1 year ago

  • Sprint Focus set to On Location Sprint

#15 Updated by Joerg Kummer over 1 year ago

I can not reproduce this behavior with 8.7.8, 8.7.12 and 8.7.21-dev (introduction package, realurl 2.4.0).
It seems, that the URL of the error page itself produces these different errors, we find in list here:
- 403 Forbidden (Ricky Mathew)
- 401 Unauthorized (Markus Dübbert)
- 503 Service unavailable (Toni Weiler)
- 404 Not Found (Robert Hafenried) where probably '/typo3/' is wrong path segment

Can you check your pageNotFound url-path's, as written in the error message, request them and ensure it returns HTTP Status 200 OK?
Maybe request them different ways (browser, console, ...)

#16 Updated by Markus Klein over 1 year ago

  • Status changed from New to Needs Feedback

#17 Updated by Stefanos Karasavvidis over 1 year ago

I can't reproduce this but I may have an idea on when it happens:

as I understand, TYPO3 makes a request of it own to the server to retrieve the content of the error page, and then dumps this content back to the originating user request.

If the server contains a security module for filtering malicious requests (e.g. mod_security), the requests from the TYPO3 may be recognized as malicious. mod_security in these cases returns a 401. This should be logged to the web server's error_log though.

So may I ask the reporters if they have this kind of module installed or whether they checked the error_log of their web server?

#18 Updated by Markus Klösges 7 months ago

To give another option for this error:

When the installation is guarded behind a .htaccess authentification, the sub-request will not include the necessary authentication information and therefore lead to a 401 when fetching error messages.
I don't have a solution or workaround, but maybe that information helps someone coming here through google like i was.

#19 Updated by Susanne Moog 5 months ago

  • Sprint Focus deleted (On Location Sprint)

Also available in: Atom PDF