开启WAF后Websocket无法正常运行

1Panel
, ,
1

版本信息:专业版 v2.0.0-beta.1
问题描述:在开启WAF的全局后发现Websocket连接不上,关闭全局则表现为正常,为单个网站配置关闭WAF Websocket也无法正常运行,WAF日志中并没有拦截日志,从网站日志中存在500报错,同时访问网站时存在报错
Openresty日志

125.107.69.2 - - [15/May/2025:13:10:56 +0000] "POST /socket.io/?EIO=4&transport=polling&t=e14gji41&sid=H6DziVC5BjKeQeKjAAr0 HTTP/2.0" 500 576 "https://monitor.xxxxx.com/settings/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:56 +0000] "GET /socket.io/?EIO=4&transport=polling&t=e0liioq0&sid=xmfmgkM4Ce7kmVguAArk HTTP/2.0" 200 1 "https://monitor.xxxxx.com/dashboard/25" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:57 +0000] "GET /socket.io/?EIO=4&transport=polling&t=e15jmhed HTTP/2.0" 200 118 "https://monitor.xxxxx.com/settings/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:57 +0000] "GET /socket.io/?EIO=4&transport=polling&t=e15jm9dl HTTP/2.0" 200 118 "https://monitor.xxxxx.com/dashboard/25" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:57 +0000] "POST /socket.io/?EIO=4&transport=polling&t=e15kf2rc&sid=Mta0nZYWKJX_6CXlAAr1 HTTP/2.0" 500 576 "https://monitor.xxxxx.com/settings/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:57 +0000] "POST /socket.io/?EIO=4&transport=polling&t=e15kjsz5&sid=9fsNDOiX0ofSEseOAAr2 HTTP/2.0" 500 576 "https://monitor.xxxxx.com/dashboard/25" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:58 +0000] "POST /socket.io/?EIO=4&transport=polling&t=e15ktftp&sid=Mta0nZYWKJX_6CXlAAr1 HTTP/2.0" 500 576 "https://monitor.xxxxx.com/settings/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:58 +0000] "POST /socket.io/?EIO=4&transport=polling&t=e15kvjm1&sid=9fsNDOiX0ofSEseOAAr2 HTTP/2.0" 500 576 "https://monitor.xxxxx.com/dashboard/25" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

125.107.69.2 - - [15/May/2025:13:10:58 +0000] "GET /socket.io/?EIO=4&transport=polling&t=e0n1oxb8&sid=JB_ksWMg0UAL1vdQAArl HTTP/2.0" 200 1 "https://monitor.xxxxx.com/dashboard/25" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"136.0.0.0" "-"

访问URL控制台存在报错

index-B_z9mVlf.js:16 POST https://monitor.xxxxx.com/socket.io/?EIO=4&transport=polling&t=ecvcjbsf&sid=qafgXk5n9sdAJhy8AAy_ 500 (Internal Server Error)

index-B_z9mVlf.js:21 Failed to connect to the backend. Socket.io connect_error: xhr post error

WebSocket connection to '<URL>' failed: WebSocket is closed before the connection is established.

index-B_z9mVlf.js:16  WebSocket connection to 'wss://monitor.xxxxx.com/socket.io/?EIO=4&transport=websocket&sid=qafgXk5n9sdAJhy8AAy_' failed: WebSocket is closed before the connection is established.

image
image950×827 141 KB

2

感谢反馈 我们看一下

3

补充一下,这种情况在1panel v1中并没有出现因为WAF的原因Websocket无法正常运行

4

问题已经解决,通过添加了对Websocket的自定义规则绕过了WAF

5

我用 1Panel 的 websocket 试了一下 没复现这个问题
您是什么应用?

6

是uptime kuma , 还有另外一个mcsm 的daemon , 这两个的Websocket 在开启WAF 的时候都无法运行 , 1panel 面板版本v2 beta.1 和v2 beta.2 都是这样
可能还有一个前提条件 , 部署SSL证书
可能还存在另外一个前提条件 , 通过frp内网穿透到服务器 , 再通过Openresty 的反向代理到域名
系统是Ubuntu 24.01 LTS x86_64 ,
内核版本6.8.0-48-generic
mcsm 的daemon 连接显示的也是xhr post error , 节点状态显示的在线但是网页直连显示的离线