1Panel [Bug] Siyuan upload interface is blocked by the firewall

[Bug] Siyuan upload interface is blocked by the firewall

Open ssqzr opened this issue 10 months ago • 4 comments

Contact Information

[email protected]

1Panel Version

v1.10.22-lts

Problem Description

1Panel 拦截思源笔记的上传接口。

Steps to Reproduce

在1Panel部署思源笔记。

在某个网页上右键复制图片。

在思源笔记编辑页面粘贴图片，页面报错，提示：“请求携带恶意参数已被拦截。”

The expected correct result

可以正常粘贴图片上传。

Related log output

No response

Additional Information

经过初步排查，关闭 “SQL 注入防御” 和 “XSS防御”可以解决问题。操作如下：

高级功能 --> WAF --> 网站设置 --> (切换到思源的网站) --> 默认规则 --> 其他 --> SQL 注入防御和 XSS防御 --> 关闭。

如果不是通过页面右键复制图片，而是复制文件系统里的图片或者文件都是可以上传的。

Jan 01 '25 13:01 ssqzr

感谢反馈，我们先测试一下

Jan 01 '25 14:01 zhengkunwang223

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

Thanks for the feedback, let’s test it first

Jan 01 '25 14:01 wanghe-fit2cloud

经过测试因为请求结构体中包含 xss 特征所以被拦截 V2 版本我们会针对思源笔记单独出规则

Jan 03 '25 07:01 zhengkunwang223

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

After testing, the request structure was intercepted because it contained xss features. We will issue separate rules for Siyuan Notes in the V2 version

Jan 03 '25 07:01 wanghe-fit2cloud

v2.0.0 版本已发布。

Jun 12 '25 05:06 wanghe-fit2cloud

1Panel 1Panel copied to clipboard

[Bug] Siyuan upload interface is blocked by the firewall

Contact Information

1Panel Version

Problem Description

Steps to Reproduce

The expected correct result

Related log output

Additional Information

1Panel
1Panel copied to clipboard