Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requests to /content/images path causes 500 Errors #17

Open
muratcorlu opened this issue Apr 11, 2024 · 2 comments
Open

Requests to /content/images path causes 500 Errors #17

muratcorlu opened this issue Apr 11, 2024 · 2 comments

Comments

@muratcorlu
Copy link
Contributor

muratcorlu commented Apr 11, 2024
edited

I noticed an interesting issue. On a Ghost website that is configured to use ghos3, if you make an HTTP request to https://mysite.com/content/images/some-random-file.jpg, request fails after around 6 seconds with 500 status and "Maximum call stack size exceeded" error page.

Here is the error log:

ERROR "GET /content/images/2022/12/001-1.jpg" 500 6213ms

An unexpected error occurred, please try again.

"Key not found"

Error ID:
    b25ce700-f802-11ee-9ae8-a34747f54391

Error Code: 
    UNEXPECTED_ERROR

----------------------------------------

NoSuchKey: Key not found
    at module.exports.prepareError (/var/lib/ghost/versions/5.80.0/node_modules/@tryghost/mw-error-handler/lib/mw-error-handler.js:102:19)
    at de_NoSuchKeyRes (/var/lib/ghost/content/adapters/storage/ghos3/node_modules/@aws-sdk/client-s3/dist-cjs/protocols/Aws_restXml.js:6082:23)
    at de_GetObjectCommandError (/var/lib/ghost/content/adapters/storage/ghos3/node_modules/@aws-sdk/client-s3/dist-cjs/protocols/Aws_restXml.js:4327:25)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /var/lib/ghost/content/adapters/storage/ghos3/node_modules/@smithy/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24
    at async /var/lib/ghost/content/adapters/storage/ghos3/node_modules/@aws-sdk/middleware-signing/dist-cjs/awsAuthMiddleware.js:14:20
    at async /var/lib/ghost/content/adapters/storage/ghos3/node_modules/@smithy/middleware-retry/dist-cjs/retryMiddleware.js:27:46
    at async /var/lib/ghost/content/adapters/storage/ghos3/node_modules/@aws-sdk/middleware-flexible-checksums/dist-cjs/flexibleChecksumsMiddleware.js:63:20
    at async /var/lib/ghost/content/adapters/storage/ghos3/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/region-redirect-endpoint-middleware.js:14:24
    at async /var/lib/ghost/content/adapters/storage/ghos3/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/region-redirect-middleware.js:9:20
    at async /var/lib/ghost/content/adapters/storage/ghos3/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:7:26
    at async /var/lib/ghost/content/adapters/storage/ghos3/index.js:149:24

I suspect that we don't handle wrong urls properly.

As a side note; I don't have any images in content folder and I serve images from a separate domain. So this is not a regular request. But I saw this in logs and it's bad that it takes 6 seconds to respond. It can be painful to have many requests to this url as an attack.
@muratcorlu
Copy link
Contributor Author

Another finding is that, during those requests, site becomes unresponsive. It blocks whole ghost process, I believe. @laosb Sadly, this issue exists in your blog too and it's even worse, it takes 50 seconds to return error page in your website.

@laosb
Copy link
Owner

laosb commented Apr 12, 2024

I think this is exactly what #15 is trying to solve, but that PR currently needs modification as I commented under it. It's been 2 weeks since I receive any updates from the author, so I'm considering doing it myself soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@muratcorlu @laosb