Welcome! Log In Create A New Profile

Advanced

[nginx] Improved logging of invalid headers.

Maxim Dounin
June 28, 2021 02:38PM
details: https://hg.nginx.org/nginx/rev/b87b7092cedb
branches:
changeset: 7884:b87b7092cedb
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Jun 28 18:01:20 2021 +0300
description:
Improved logging of invalid headers.

In 71edd9192f24 logging of invalid headers which were rejected with the
NGX_HTTP_PARSE_INVALID_HEADER error was restricted to just the "client
sent invalid header line" message, without any attempts to log the header
itself.

This patch returns logging of the header up to the invalid character and
the character itself. The r->header_end pointer is now properly set
in all cases to make logging possible.

The same logging is also introduced when parsing headers from upstream
servers.

diffstat:

src/http/modules/ngx_http_fastcgi_module.c | 10 ++++++----
src/http/modules/ngx_http_proxy_module.c | 10 ++++++----
src/http/modules/ngx_http_scgi_module.c | 10 ++++++----
src/http/modules/ngx_http_uwsgi_module.c | 10 ++++++----
src/http/ngx_http_parse.c | 5 +++++
src/http/ngx_http_request.c | 4 +++-
6 files changed, 32 insertions(+), 17 deletions(-)

diffs (137 lines):

diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_fastcgi_module.c
--- a/src/http/modules/ngx_http_fastcgi_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_fastcgi_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -2019,10 +2019,12 @@ ngx_http_fastcgi_process_header(ngx_http
break;
}

- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);

return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -2019,10 +2019,12 @@ ngx_http_proxy_process_header(ngx_http_r
return NGX_AGAIN;
}

- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);

return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_scgi_module.c
--- a/src/http/modules/ngx_http_scgi_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_scgi_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -1140,10 +1140,12 @@ ngx_http_scgi_process_header(ngx_http_re
return NGX_AGAIN;
}

- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);

return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_uwsgi_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -1361,10 +1361,12 @@ ngx_http_uwsgi_process_header(ngx_http_r
return NGX_AGAIN;
}

- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);

return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/ngx_http_parse.c Mon Jun 28 18:01:20 2021 +0300
@@ -894,6 +894,7 @@ ngx_http_parse_header_line(ngx_http_requ
}

if (ch <= 0x20 || ch == 0x7f || ch == ':') {
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
}

@@ -962,6 +963,7 @@ ngx_http_parse_header_line(ngx_http_requ
}

if (ch <= 0x20 || ch == 0x7f) {
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
}

@@ -984,6 +986,7 @@ ngx_http_parse_header_line(ngx_http_requ
r->header_end = p;
goto done;
case '\0':
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
default:
r->header_start = p;
@@ -1007,6 +1010,7 @@ ngx_http_parse_header_line(ngx_http_requ
r->header_end = p;
goto done;
case '\0':
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
}
break;
@@ -1022,6 +1026,7 @@ ngx_http_parse_header_line(ngx_http_requ
case LF:
goto done;
case '\0':
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
default:
state = sw_value;
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/ngx_http_request.c Mon Jun 28 18:01:20 2021 +0300
@@ -1522,7 +1522,9 @@ ngx_http_process_request_headers(ngx_eve
/* rc == NGX_HTTP_PARSE_INVALID_HEADER */

ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid header line");
+ "client sent invalid header line: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);

ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
break;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] Improved logging of invalid headers.

Maxim Dounin 91 June 28, 2021 02:38PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 62
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready