logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Solved: Error: Refused to execute script
Author
mokfarg



Joined: 16 Jan 2019
Posts: 4
Location: USA, Colorado

PostPosted: Wed 20 Mar '19 17:18    Post subject: Solved: Error: Refused to execute script Reply with quote

I am hoping someone will be so kind to lend me their expertise. I have investigated the error message via internet searches and so far the issues I have found do not seem to be related to my what I am seeing.

Environment:
Apache 2.4 Server on Ubuntu 18.04 utilized as a reverse proxy server for multiple web servers.

I have added an additional virtual host for a reverse proxy for a web server accessible via https. When accessing the original web server directly, I do not see an error message that I am seeing when reverse proxying through the Apache server.

I am going to post the get and response headers below from when accessing the web server directly and from when accessing through the apache server. I will also post the error message I am seeing below when accessing the website through the Apache reverse proxy. All test have been performed from the same PC with the same OS and same browser.

Last I will post my virtual host configuration for scrutiny. Any suggestions to correct the issue will be appreciated. Thank you.



Error message in Chrome web browser when accessing website through Apache reverse proxy that isn't present when accessing the website directly:
Refused to execute script from 'https://website.domain.org/scripts/file.aspx' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.


Response Header when accessing web server directly:

Cache-Control: private
Content-Length: 3212
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Mar 2019 21:37:21 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: LASTEST_REQUEST_TIME=1553035041458; path=/; secure; HttpOnly
X-AspNet-Version: 4.0.30319
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
X-UA-Compatible: IE=10


Response Header when accessing through apache reverse proxy:

cache-control: private
content-encoding: gzip
content-length: 1218
content-type: text/html; charset=utf-8
date: Tue, 19 Mar 2019 21:33:12 GMT
server: Microsoft-IIS/8.5
set-cookie: LASTEST_REQUEST_TIME=1553034792436; path=/; secure; HttpOnly
status: 200
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-content-type-options: nosniff
x-frame-options: sameorigin
x-powered-by: ASP.NET
x-ua-compatible: IE=10



GET header when accessing web server directly:

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Cookie: .ASPXANONYMOUS...……………..; LASTEST_REQUEST_TIME=1553035041333; _gat_UA-11306486-23=1
Host: https://website.domain.org
Referer: 'https://website.domain.org/scripts/Welcome.aspx'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36

GET header through Apache reverse proxy server:

:authority: onlinepermits.buncombecounty.org
:method: GET
:path: /CitizenAccess/Scripts/GlobalConst.aspx
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: .ASPXANONYMOUS...……………………….; LASTEST_REQUEST_TIME=1553034792295
referer: 'https://website.domain.org/scripts/Welcome.aspx'
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36




Apache Virtual Host Configuration:

#vhost reverse proxy
<VirtualHost *:443>
ServerName website.domain.org
ProxyPreserveHost on
ProxyRequests off
ProxyVia off
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/cert.pem
SSLCertificateKeyFile /etc/ssl/private/priv.key
ProxyPassReverse / https://website.domain.org/
ProxyPass / https://website.domain.org/


*** changed domain names and URIs ***


Last edited by mokfarg on Fri 22 Mar '19 18:52; edited 1 time in total
Back to top
mokfarg



Joined: 16 Jan 2019
Posts: 4
Location: USA, Colorado

PostPosted: Fri 22 Mar '19 18:41    Post subject: Reply with quote

The backend server being proxied is a vendor server that is presenting a script with an aspx extension. When accessing the webserver directly it does not set a x-content-type nosniff header. I had the Apache reverse proxy server set to provide this security header preventing the client browser from "sniffing" the MIME type.

I hope this helps someone.
Back to top


Reply to topic   Topic: Solved: Error: Refused to execute script View previous topic :: View next topic
Post new topic   Forum Index -> Apache