starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-02-14 03:09:39 +03:00
Code Issues 784 Packages Projects Releases 10 Wiki Activity

Can't save SQL-Statements #3287

New Issue
Closed
opened 2026-02-05 06:14:31 +03:00 by OVERLORD · 20 comments
OVERLORD commented 2026-02-05 06:14:31 +03:00
Owner
Copy Link

Originally created by @kdagutat on GitHub (Oct 18, 2022).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hey,

I have the following problem:
When I try to save a SQL script, the error message "ERR_CONNECTION_RESET" comes up. In #1792 the problem was also described, but I could not find a solution there. On the demo website the problem does not occur. The problem occurs both in the Markdown editor and in the WYSIWYG editor.

Examples:
Can't be saved:
, (SELECT count(*) FROM [BODA].[dbo].[WK_tabReRpZo_Zuordnung] WHERE [ReRpZo_Report] = 'TFKU286')
But this can be saved:
SELECT count(*)  FROM [BODA].[dbo].[WK_tabReRpZo_Zuordnung]  WHERE [ReRpZo_Report] = 'TFKU286'

Even this can't be saved:
SELECT (SELECT COUNT(*) FROM (SELECT

And even correct statements like this, can't be saved:
SELECT (SELECT COUNT(*) FROM (SELECT [ReRpBo_Block] FROM [BODA].[dbo].[WK_tabReRp_Report], [BODA].[dbo].[WK_tabReRpZo_Zuordnung], [BODA].[dbo].[WK_tabReRpBo_Block], [BODA].[dbo].[WK_tabReRpAw_Auswertung] WHERE [ReRp_Report] = 'TFKU286' AND [ReRp_Report] = [ReRpZo_Report] AND [ReRpZo_Block] = [ReRpBo_Block] AND [ReRpBo_Block] = [ReRpAw_Block] GROUP BY [ReRpBo_Block]) as bribra) as NumBlocksInTotal, (SELECT count(*) FROM [BODA].[dbo].[WK_tabReRpZo_Zuordnung] WHERE [ReRpZo_Report] = 'TFKU286') as NumBlocksInBlocks

Exact BookStack Version

22.09.1

Log Content

laravel.log

In the httpd (apache) log is no error message regarding this problem. If still needed or wanted I will provide it too.

PHP Version

PHP 8.0.24

Hosting Environment

RHEL 8

Linux mydomain.com 4.18.0-372.26.1.el8_6.x86_64 # 1 SMP Sat Aug 27 02:44:20 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux

MySQL (MariaDB)

Version: mysql Ver 15.1 Distrib 10.3.35-MariaDB, for Linux (x86_64) using readline 5.1

Originally created by @kdagutat on GitHub (Oct 18, 2022). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Hey, I have the following problem: When I try to save a SQL script, the error message "ERR_CONNECTION_RESET" comes up. In #1792 the problem was also described, but I could not find a solution there. On the demo website the problem does not occur. The problem occurs both in the Markdown editor and in the WYSIWYG editor. Examples: **Can't** be saved: `, (SELECT count(*) FROM [BODA].[dbo].[WK_tabReRpZo_Zuordnung] WHERE [ReRpZo_Report] = 'TFKU286')` But this **can** be saved: `SELECT count(*)  FROM [BODA].[dbo].[WK_tabReRpZo_Zuordnung]  WHERE [ReRpZo_Report] = 'TFKU286'` Even this **can't** be saved: `SELECT (SELECT COUNT(*) FROM (SELECT` And even correct statements like this, **can't** be saved: `SELECT (SELECT COUNT(*) FROM (SELECT [ReRpBo_Block] FROM [BODA].[dbo].[WK_tabReRp_Report], [BODA].[dbo].[WK_tabReRpZo_Zuordnung], [BODA].[dbo].[WK_tabReRpBo_Block], [BODA].[dbo].[WK_tabReRpAw_Auswertung] WHERE [ReRp_Report] = 'TFKU286' AND [ReRp_Report] = [ReRpZo_Report] AND [ReRpZo_Block] = [ReRpBo_Block] AND [ReRpBo_Block] = [ReRpAw_Block] GROUP BY [ReRpBo_Block]) as bribra) as NumBlocksInTotal, (SELECT count(*) FROM [BODA].[dbo].[WK_tabReRpZo_Zuordnung] WHERE [ReRpZo_Report] = 'TFKU286') as NumBlocksInBlocks` ### Exact BookStack Version 22.09.1 ### Log Content [laravel.log](https://github.com/BookStackApp/BookStack/files/9809228/laravel.log) In the httpd (apache) log is no error message regarding this problem. If still needed or wanted I will provide it too. ### PHP Version PHP 8.0.24 ### Hosting Environment RHEL 8 Linux mydomain.com 4.18.0-372.26.1.el8_6.x86_64 # 1 SMP Sat Aug 27 02:44:20 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux ### MySQL (MariaDB) Version: mysql Ver 15.1 Distrib 10.3.35-MariaDB, for Linux (x86_64) using readline 5.1
OVERLORD added the 🐕 Support label 2026-02-05 06:14:31 +03:00
OVERLORD commented 2026-02-05 06:14:38 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Oct 18, 2022):

Hi @kdagutat,
This sounds like the kind of behaviour of mod_security for apache. Could you confirm if mod_security is active?

@ssddanbrown commented on GitHub (Oct 18, 2022): Hi @kdagutat, This sounds like the kind of behaviour of `mod_security` for apache. Could you confirm if `mod_security` is active?
OVERLORD commented 2026-02-05 06:14:49 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 18, 2022):

I already checked this. It seems like it is not activated (not even installed).
I do not have found any configfile for it and it is not listed in phpinfo
PHP 8.0.24 - phpinfo().pdf

I also put this in my .htaccess file

<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

Update: I tried it in xampp. There everything works as it should

@kdagutat commented on GitHub (Oct 18, 2022): I already checked this. It seems like it is not activated (not even installed). I do not have found any configfile for it and it is not listed in phpinfo [PHP 8.0.24 - phpinfo().pdf](https://github.com/BookStackApp/BookStack/files/9810028/PHP.8.0.24.-.phpinfo.pdf) I also put this in my .htaccess file ``` <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> ``` Update: I tried it in xampp. There everything works as it should
OVERLORD commented 2026-02-05 06:14:52 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Oct 18, 2022):

@kdagutat Are there any other layers involved in the stack? Any proxies or things like cloudlfare in use?

@ssddanbrown commented on GitHub (Oct 18, 2022): @kdagutat Are there any other layers involved in the stack? Any proxies or things like cloudlfare in use?
OVERLORD commented 2026-02-05 06:14:55 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 19, 2022):

I am quite new to the company, but as far as my colleague and I know there are no other layers. Do you have any idea how we could check this? It runs as a virtuel host (apache). If I'm not mistaken, the main domain runs on cloudflare and the bookstack subdomain (which we ONLY use on the intranet and which is also only available there) was created (and I think hosted) in Azure. We use bookstack ONLY on the intranet.

Interestingly, the SQL script works if you replace the count(*) with count(-). You can only use count(*) if you don't have a SELECT (SELECT before it.

Thanks for you help!

@kdagutat commented on GitHub (Oct 19, 2022): I am quite new to the company, but as far as my colleague and I know there are no other layers. Do you have any idea how we could check this? It runs as a virtuel host (apache). If I'm not mistaken, the main domain runs on cloudflare and the bookstack subdomain (which we ONLY use on the intranet and which is also only available there) was created (and I think hosted) in Azure. We use bookstack ONLY on the intranet. Interestingly, the SQL script works if you replace the `count(*)` with `count(-)`. You can only use `count(*)` if you don't have a `SELECT (SELECT` before it. Thanks for you help!
OVERLORD commented 2026-02-05 06:14:59 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Oct 19, 2022):

the main domain runs on cloudflare and the bookstack subdomain

So, just to confirm, is the bookstack subdomain set-up on Cloudflare?
If so, is it set-up as a proxied domain (Orange cloud in cloudflare) or a DNS only record?

@ssddanbrown commented on GitHub (Oct 19, 2022): > the main domain runs on cloudflare and the bookstack subdomain So, just to confirm, is the bookstack subdomain set-up on Cloudflare? If so, is it set-up as a proxied domain (Orange cloud in cloudflare) or a DNS only record?
OVERLORD commented 2026-02-05 06:15:04 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 19, 2022):

Hey, sorry I forgot a part of the sentence...
If I'm not mistaken, the main domain domain.com is hosted on cloudflare and the bookstack subdomain bookstack.domain.com was created via azure.

@kdagutat commented on GitHub (Oct 19, 2022): Hey, sorry I forgot a part of the sentence... If I'm not mistaken, the main domain `domain.com` is hosted on cloudflare and the bookstack subdomain `bookstack.domain.com` was created via azure.
OVERLORD commented 2026-02-05 06:15:07 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Oct 19, 2022):

@kdagutat Thanks, although it's still not too clear to me that requests are not proxied through cloudflare.
Domains, and their subdomains, are usually managed within the same place.
There may be some confusion here between where a domain is managed vs where the applications are hosted?

As something else to check, do you get an entry in the apache access log when you attempt to save such a sql-containing page? Just wondering if there's any indication of the requests getting through to the BookStack host system.

@ssddanbrown commented on GitHub (Oct 19, 2022): @kdagutat Thanks, although it's still not too clear to me that requests are not proxied through cloudflare. Domains, and their subdomains, are usually managed within the same place. There may be some confusion here between where a domain is managed vs where the applications are hosted? As something else to check, do you get an entry in the apache access log when you attempt to save such a sql-containing page? Just wondering if there's any indication of the requests getting through to the BookStack host system.
OVERLORD commented 2026-02-05 06:15:10 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 20, 2022):

First, thank you so much for your support, I really appreciate it!
When you open the edit page, an entry is created. When saving NOT.

Edit: in the error.log no entry is created.

bookstack.access.log 
192.168.xxx.xxx - - [20/Oct/2022:12:51:20 +0200] "GET /books/myBook/page/neue-seite HTTP/1.1" 200 39922 "http://bookstack.mydomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:20 +0200] "GET /dist/code.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /books/myBook/page/neue-seite/edit HTTP/1.1" 200 93577 "http://bookstack.mydomain.com/books/myBook/page/neue-seite" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/tinymce.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /ajax/search/entities?types=book%2Cchapter%2Cpage&permission=view HTTP/1.1" 200 12733 "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/themes/silver/theme.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/models/dom/model.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/image/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/icons/default/icons.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/table/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/link/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/autolink/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/fullscreen/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/code/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/autosave/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/lists/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/media/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:23 +0200] "GET /libs/tinymce/skins/ui/tinymce-5/skin.min.css?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
192.168.xxx.xxx - - [20/Oct/2022:12:51:23 +0200] "GET /libs/tinymce/skins/ui/tinymce-5/content.min.css?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
@kdagutat commented on GitHub (Oct 20, 2022): First, thank you so much for your support, I really appreciate it! When you open the edit page, an entry is created. When saving NOT. Edit: in the error.log no entry is created. <details><summary>bookstack.access.log</summary> <pre> 192.168.xxx.xxx - - [20/Oct/2022:12:51:20 +0200] "GET /books/myBook/page/neue-seite HTTP/1.1" 200 39922 "http://bookstack.mydomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:20 +0200] "GET /dist/code.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /books/myBook/page/neue-seite/edit HTTP/1.1" 200 93577 "http://bookstack.mydomain.com/books/myBook/page/neue-seite" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/tinymce.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /ajax/search/entities?types=book%2Cchapter%2Cpage&permission=view HTTP/1.1" 200 12733 "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/themes/silver/theme.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/models/dom/model.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/image/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/icons/default/icons.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/table/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/link/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/autolink/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/fullscreen/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/code/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/autosave/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/lists/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:22 +0200] "GET /libs/tinymce/plugins/media/plugin.min.js?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:23 +0200] "GET /libs/tinymce/skins/ui/tinymce-5/skin.min.css?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 192.168.xxx.xxx - - [20/Oct/2022:12:51:23 +0200] "GET /libs/tinymce/skins/ui/tinymce-5/content.min.css?version=v22.09.1 HTTP/1.1" 304 - "http://bookstack.mydomain.com/books/myBook/page/neue-seite/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" </pre> </details>
OVERLORD commented 2026-02-05 06:15:12 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Oct 20, 2022):

When saving NOT.

That to me indicates something is stopping the request before it hits the server.

@ssddanbrown commented on GitHub (Oct 20, 2022): > When saving NOT. That to me indicates something is stopping the request before it hits the server.
OVERLORD commented 2026-02-05 06:15:14 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 20, 2022):

Yes, I think that too. I am very confused, because some SQL-Statements are saveable some are not.

Interestingly, the SQL script works if you replace the count(*) with count(-). You can only use count(*) if you don't have a SELECT (SELECT before it.

@kdagutat commented on GitHub (Oct 20, 2022): Yes, I think that too. I am very confused, because some SQL-Statements are saveable some are not. > Interestingly, the SQL script works if you replace the `count(*)` with `count(-)`. You can only use `count(*)` if you don't have a `SELECT (SELECT` before it.
OVERLORD commented 2026-02-05 06:15:19 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 20, 2022):

I have news regarding the host question.
The bookstack domain is hosted in our ad (Active Directory) (as an dns entry)

@kdagutat commented on GitHub (Oct 20, 2022): I have news regarding the host question. The bookstack domain is hosted in our ad (Active Directory) (as an dns entry)
OVERLORD commented 2026-02-05 06:15:22 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Oct 20, 2022):

Okay. It's still not clear that there are no other layers that these request are going through on your network. If available, you could use something like traceroute <hostname> to check the request path.

I'd also be sceptical that mod_security is not at play. Reading about I noticed you mentioned this:

I also put this in my .htaccess file

It's not actually that common that .htaccess files are used to alter apache config in modern setups.
More common is setting up a virtualhost. Are you sure your environment is using the .htaccess file that you altered?
Additionally, do you get any output from sudo httpd -M | grep security ?

Other than that, I can only advise checking for other WAF/security layers on the system. Any intrusion detection or security packages, like Crowdsec, that may be doing active security checking on requests.

@ssddanbrown commented on GitHub (Oct 20, 2022): Okay. It's still not clear that there are no other layers that these request are going through on your network. If available, you could use something like `traceroute <hostname>` to check the request path. I'd also be sceptical that mod_security is not at play. Reading about I noticed you mentioned this: > I also put this in my .htaccess file It's not actually that common that `.htaccess` files are used to alter apache config in modern setups. More common is setting up a virtualhost. Are you sure your environment is using the `.htaccess` file that you altered? Additionally, do you get any output from `sudo httpd -M | grep security` ? Other than that, I can only advise checking for other WAF/security layers on the system. Any intrusion detection or security packages, like Crowdsec, that may be doing active security checking on requests.
OVERLORD commented 2026-02-05 06:15:23 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 20, 2022):

We set it up as a virtualhost. I have edited the file only out of desperation.

sudo httpd -M | grep security 
AH00548: NameVirtualHost has no effect and will be removed in the next release /  
etc/httpd/sites-enabled/bookstack.wkgt.com.ssl.conf:1
traceroute bookstack.wkgt.com 
traceroute to bookstack.wkgt.com (192.168.xxx.xxx), 30 hops max, 60 byte packets
 1  bookstack.wkgt.com (192.168.xxx.xxx)  0.323 ms  0.292 ms  0.268 ms

I'm off for the day, I wish you a great day. And once again thanks for your work and support!

@kdagutat commented on GitHub (Oct 20, 2022): We set it up as a virtualhost. I have edited the file only out of desperation. <details><summary>sudo httpd -M | grep security</summary> <pre>AH00548: NameVirtualHost has no effect and will be removed in the next release / etc/httpd/sites-enabled/bookstack.wkgt.com.ssl.conf:1</pre> </details> <details> <summary>traceroute bookstack.wkgt.com</summary> <pre> traceroute to bookstack.wkgt.com (192.168.xxx.xxx), 30 hops max, 60 byte packets 1 bookstack.wkgt.com (192.168.xxx.xxx) 0.323 ms 0.292 ms 0.268 ms </pre> </details> I'm off for the day, I wish you a great day. And once again thanks for your work and support!
OVERLORD commented 2026-02-05 06:15:25 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 21, 2022):

Little Update, I dont know if it help us:
When I go to http://bookstack.wkgt.com/etc/passwd, I get the same error message (connection reset).
Even this page is not accessible:
https://bookstack.wkgt.com/etc/passwdddddddddddddddaffafafsdgfndfguidfgnjuidng

These pages do not exist.
Other websites (which also do not exist) I can call up normally and get an error message from bookstacks (page does not exist)

So as soon as etc/passwd is in the url, this error message appears.
mod_security is not installed and not enabled. I add the configuration to disable it in my vhost.conf, without any changes to the error.

@kdagutat commented on GitHub (Oct 21, 2022): Little Update, I dont know if it help us: When I go to `http://bookstack.wkgt.com/etc/passwd`, I get the same error message (connection reset). Even this page is not accessible: `https://bookstack.wkgt.com/etc/passwdddddddddddddddaffafafsdgfndfguidfgnjuidng` These pages do not exist. Other websites (which also do not exist) I can call up normally and get an error message from bookstacks (page does not exist) So as soon as etc/passwd is in the url, this error message appears. mod_security is not installed and not enabled. I add the configuration to disable it in my vhost.conf, without any changes to the error.
OVERLORD commented 2026-02-05 06:15:32 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Oct 21, 2022):

It's another indicator that some level of active intrusion detection or a web application firewall is at play, blocking requests to suspicious requests. Is it you that sets up such machines? If not, might be worth consult the person that does to query if there might be such software at play.

Since you're using RHEL, could also be worth checking SELinux logs just in case. Didn't think it handles data within network requests, but maybe there's an onset affect at play.

@ssddanbrown commented on GitHub (Oct 21, 2022): It's another indicator that some level of active intrusion detection or a web application firewall is at play, blocking requests to suspicious requests. Is it you that sets up such machines? If not, might be worth consult the person that does to query if there might be such software at play. Since you're using RHEL, could also be worth checking SELinux logs just in case. Didn't think it handles data within network requests, but maybe there's an onset affect at play.
OVERLORD commented 2026-02-05 06:15:35 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Oct 21, 2022):

Thanks for your suggestions, I did not set up the machine, a work colleague of mine did. I'll have a word with him on Monday.
I had also deactivated Selinux for testing purposes - without success.
I wish you a nice weekend.

@kdagutat commented on GitHub (Oct 21, 2022): Thanks for your suggestions, I did not set up the machine, a work colleague of mine did. I'll have a word with him on Monday. I had also deactivated Selinux for testing purposes - without success. I wish you a nice weekend.
OVERLORD commented 2026-02-05 06:15:37 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Nov 3, 2022):

Well just as little update, we did not manage to solve this issue. But we use bookstack anyway.
Thanks for your help and advices. If I get any updates in relation of this problem I'll share it here.

@kdagutat commented on GitHub (Nov 3, 2022): Well just as little update, we did not manage to solve this issue. But we use bookstack anyway. Thanks for your help and advices. If I get any updates in relation of this problem I'll share it here.
OVERLORD commented 2026-02-05 06:15:47 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Nov 3, 2022):

Thanks for the update. I'll therefore close this off since there's not much else I can advise without deeper knowledge of your environment. If you ever find a BookStack-based cause feel free to raise it with us but I'm fairly confident this is something environment specific.

@ssddanbrown commented on GitHub (Nov 3, 2022): Thanks for the update. I'll therefore close this off since there's not much else I can advise without deeper knowledge of your environment. If you ever find a BookStack-based cause feel free to raise it with us but I'm fairly confident this is something environment specific.
OVERLORD commented 2026-02-05 06:15:50 +03:00
Author
Owner
Copy Link

@kdagutat commented on GitHub (Mar 10, 2023):

After all this time, we finally found out today what the problem was. Your guess was right, a vulnerability scan (as far as I know, within Palo) intervened and broke the connection. I wanted to share it here in case someone has the same problem.

@kdagutat commented on GitHub (Mar 10, 2023): After all this time, we finally found out today what the problem was. Your guess was right, a vulnerability scan (as far as I know, within Palo) intervened and broke the connection. I wanted to share it here in case someone has the same problem.
OVERLORD commented 2026-02-05 06:15:51 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Mar 10, 2023):

@kdagutat Thanks for sharing the update, happy to hear your found the cause.

@ssddanbrown commented on GitHub (Mar 10, 2023): @kdagutat Thanks for sharing the update, happy to hear your found the cause.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🎨 Design
📖 Docs Update
🐛 Bug
🐛 Bug
:cat2:🐈 Possible duplicate
💿 Database
Open to discussion
💻 Front-End
🐕 Support
🚪 Authentication
🌍 Translations
🔌 API Task
🏭 Back-End
Upstream
🔨 Feature Request
🛠️ Enhancement
🛠️ Enhancement
🛠️ Enhancement
❤️ Happy feedback
🔒 Security
🔍 Pending Validation
💆 UX
📝 WYSIWYG Editor
🌔 Out of scope
🔩 API Request
:octocat: Admin/Meta
🖌️ View Customization
Question
🚀 Priority
🛡️ Blocked
🚚 Export System
A11y
🔧 Maintenance
> Markdown Editor
pull-request
Mirrored from GitHub Pull Request
No Label 🐕 Support
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#3287
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?