Welcome! Log In Create A New Profile

Advanced

Re: header handling

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
August 17, 2015 07:32AM
Hello!

On Sat, Aug 15, 2015 at 12:15:47AM -0700, Frank Liu wrote:

> I made the below patch and can now use $upstream_http_x_header for
> logformat to capture the header X.header in the access log. Does anybody
> see any issues with the patch?
>
> --- src/http/ngx_http_variables.c.orig 2015-08-15 02:19:31.635328112 +0000
>
> +++ src/http/ngx_http_variables.c 2015-08-15 02:19:42.051541422 +0000
>
> @@ -897,6 +897,8 @@
>
>
>
> } else if (ch == '-') {
>
> ch = '_';
>
> + } else if (ch == '.') {
>
> + ch = '_';
>
> }

Such approach will likely result in security problems, as
"X.header" and "X-header" would be indistinguishable from nginx
point of view.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

header handling

Frank Liu August 14, 2015 12:52PM

Re: header handling

ryd994 August 14, 2015 01:38PM

Re: header handling

Frank Liu August 14, 2015 04:06PM

Re: header handling

Frank Liu August 15, 2015 03:18AM

Re: header handling

Maxim Dounin August 17, 2015 07:32AM

Re: header handling

Frank Liu August 17, 2015 07:40PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 117
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready