@Daijobou opened this Issue on May 21st 2022

Since the update to version 4.10 I get banned from my own server. The reason is that Fail2ban checks the access_logs for HTTP status 403 and bans the corresponding IPs. In my case Matomo causes these 403 messages in access_log. In the HTML source code I found this line in Matomo:

<link rel="manifest" href="plugins/CoreHome/javascripts/manifest.json" crossorigin="use-credentials">

In the browser I get this for it:

You don't have permission to access this resource.

Apparently the browser has no access to the path. This was not a problem in the previous version of Matomo.
In the same folder is the file plugins/CoreHome/javascripts/noreferrer.js, and I can access this file without a 403.

So I took a look and found plugins/htaccess, and here json is missing from the "safe static files":

# Allow to serve static files which are safe
<Files ~ "\.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$">

SOLUTION: After adding "json" here, the issue is gone and manifest.json sends HTTP status 200.

Why do you have "mp3|mp4|wav|ogg|avi" here? In which cases do you use these types of media files in Matomo?
It makes more sense to add the image type "webp" here, if you want to use the modern image format instead of "jpg" in the future. :)
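
The regression reported above can be caught before release by checking every same-origin asset a page references against the allowlist pattern. This is an added example, not part of the original issue or of Matomo's code; it assumes the pattern governs files under plugins/ and that a non-matching file is answered with 403, and the names `AssetCollector`, `blocked_assets` and `SAMPLE_HTML` are hypothetical.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlist regex copied from the <Files ~ "..."> line quoted in the issue.
SAFE_STATIC = re.compile(
    r"\.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$"
)

class AssetCollector(HTMLParser):
    """Collect local URLs referenced by <link href>, <script src> and <img src>."""

    ATTRS = {"link": "href", "script": "src", "img": "src"}

    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                url = urlsplit(value)  # drops ?query cache busters from .path
                if not url.netloc:  # same-origin references only
                    self.assets.append(url.path)

def blocked_assets(html, pattern=SAFE_STATIC, prefix="plugins/"):
    """Return referenced files under `prefix` whose name the allowlist rejects."""
    collector = AssetCollector()
    collector.feed(html)
    blocked = []
    for path in collector.assets:
        # Apache's <Files> matches the file name only, not the directory part.
        name = posixpath.basename(path)
        if path.lstrip("/").startswith(prefix) and not pattern.search(name):
            blocked.append(path)
    return blocked

# Constructed sample page: the manifest link from the issue plus the
# noreferrer.js file the reporter could still load.
SAMPLE_HTML = """
<link rel="manifest" href="plugins/CoreHome/javascripts/manifest.json" crossorigin="use-credentials">
<script src="plugins/CoreHome/javascripts/noreferrer.js"></script>
"""

if __name__ == "__main__":
    print("would be answered with 403:", blocked_assets(SAMPLE_HTML))
```

Run against rendered pages in CI, a non-empty result flags an asset that visitors would request and be refused, which is the pattern that a 403-based Fail2ban jail then counts against them.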

@peterhashair commented on May 23rd 2022 Contributor

@Daijobou thanks for providing the info, our product team will review this as soon as we can.

Hint: ServerFilesGenerator.php probably needs an update here, as the issue requested.

@sgiehl commented on May 23rd 2022 Member

This is most likely a regression from #19051.

@justinvelluppillai commented on May 24th 2022 Member

@sgiehl are you happy to revert #19051 to fix this?

@sgiehl commented on May 24th 2022 Member

@justinvelluppillai Reverting might not be the best choice. I'll prepare a PR to fix that another way.

@MatomoForumNotifications commented on June 13th 2022

This issue has been mentioned on Matomo forums. There might be relevant details there:


This Issue was closed on May 25th 2022