Proxy error upon saving when "information_schema" is mentioned in the text

[matthewazzaro]

Describe the Bug

After filling out a new page, when I clicked save my proxy server returned a 502 Bad Gateway error. I had a hunch so I removed certain text, and then it saved fine. Put the text back and saved again, error occurred again. It's easily reproducible.

Steps to Reproduce

1. Create a new book (might not be necessary) and a new page.
2. Create a new page and edit it.
3. Enter this text:
   SELECT * 
   FROM information_schema.columns 
   WHERE data_type = 'NVARCHAR'                                               -- Search for specific data types. Does not include column lengths.
   AND CHARACTER_MAXIMUM_LENGTH = -1                              -- MAX = -1
   order by TABLE_NAME, ORDINAL_POSITION;
4. Click save --> 502 Bad Gateway
5. Edit page again
6. Remove text and click save --> Saves w/o error
7. Edit page again
8. Add text back and click save --> 502 Bad Gateway

From there, I tried to single out what was specifically causing the error. I reduced it down to only "information_schema" being the culprit. I then edited the page again, and changed the text to "information schema", and was able to save w/o error. So it seemed like the string "information_schema" was specifically causing the problem. But then to ensure I had a minimal reproduction scenario, I created another new book, new page, edited the page, and typed "information_schema" in it, and clicked save. This time, it saved w/o error.

In other words, once I got the error using the full SQL statement above, you continue to get the error so long as "information_schema" is still in the text. But that string alone on a NEW page, is not enough to cause the error. Very strange!

Expected Behaviour

I should be able to save a page with this text, without any error from my proxy server:
SELECT * 
FROM information_schema.columns 
WHERE data_type = 'NVARCHAR'                                               -- Search for specific data types. Does not include column lengths.
AND CHARACTER_MAXIMUM_LENGTH = -1                              -- MAX = -1
order by TABLE_NAME, ORDINAL_POSITION;

Screenshots or Additional Context

No response

Browser Details

Firefox 128.8.0esr (64-bit)

Exact BookStack Version

Pending, I don't have access to it myself.

[matthewazzaro]

I got the version number but I can't seem to edit the text, just the title of the ticket. Anyway, it's version 23.08.3.

[ssddanbrown]

Hi @matthewazzaro,

This kind of thing typically happens when you have a WAF, or some other security proxy, involved. Common examples are Cloudflare and mod_security.
There shouldn't be anything specifically in BookStack which would lead to that behaviour.

Do you have something like that on the same server or sitting in front of it as a proxy?

[ssddanbrown]

Since there's been no further follow up I'll go ahead and close this off.