Hi Maxim,

Thanks for you comment! Do you have any other approaches/suggestions?
I use nginx as a proxy/load-balancer. The request will be processed by the
upstream java servers. I assume my change won't actually modify the actual
header, so upstream will still get the original header and can distinguish
.. and - ?

Regards,
Frank


On Mon, Aug 17, 2015 at 4:31 AM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!
>
> On Sat, Aug 15, 2015 at 12:15:47AM -0700, Frank Liu wrote:
>
> > I made the below patch and can now use $upstream_http_x_header for
> > logformat to capture the header X.header in the access log. Does anybody
> > see any issues with the patch?
> >
> > --- src/http/ngx_http_variables.c.orig 2015-08-15 02:19:31.635328112
> +0000
> >
> > +++ src/http/ngx_http_variables.c 2015-08-15 02:19:42.051541422 +0000
> >
> > @@ -897,6 +897,8 @@
> >
> >
> >
> > } else if (ch == '-') {
> >
> > ch = '_';
> >
> > + } else if (ch == '.') {
> >
> > + ch = '_';
> >
> > }
>
> Such approach will likely result in security problems, as
> "X.header" and "X-header" would be indistinguishable from nginx
> point of view.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx