header handling

Frank Liu gfrankliu at gmail.com
Mon Aug 17 23:39:01 UTC 2015


Hi Maxim,

Thanks for your comment! Do you have any other approaches/suggestions?
I use nginx as a proxy/load-balancer. The request will be processed by the
upstream java servers. I assume my change won't actually modify the actual
header, so upstream will still get the original header and can distinguish
. and - ?

Regards,
Frank


On Mon, Aug 17, 2015 at 4:31 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Sat, Aug 15, 2015 at 12:15:47AM -0700, Frank Liu wrote:
>
> > I made the below patch and can now use $upstream_http_x_header for
> > logformat to capture the header X.header in the access log. Does anybody
> > see any issues with the patch?
> >
> > --- src/http/ngx_http_variables.c.orig 2015-08-15 02:19:31.635328112
> +0000
> >
> > +++ src/http/ngx_http_variables.c 2015-08-15 02:19:42.051541422 +0000
> >
> > @@ -897,6 +897,8 @@
> >
> >
> >
> >              } else if (ch == '-') {
> >
> >                  ch = '_';
> >
> > +            } else if (ch == '.') {
> >
> > +                ch = '_';
> >
> >              }
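Review bot: the added `else if (ch == '.')` branch folds '.' into the same '_' that '-' already maps to, so during variable lookup a header named "X.header" and one named "X-header" both match `$upstream_http_x_header`, and the variable can no longer be tied to one specific header. If dotted names have to be reachable, suggest a lookup path that does not alias them with dashed names; at minimum the new branch needs a comment documenting the aliasing so that nothing downstream treats the variable as identifying a single header.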
>
> Such approach will likely result in security problems, as
> "X.header" and "X-header" would be indistinguishable from nginx
> point of view.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
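A simplified model of the name folding in the quoted hunk, added here as an example; it is not nginx source or code from either poster, and `struct hdr`, `fold`, `lookup` and the sample headers are constructed for illustration (the lowercase step is an assumption of the model). It shows that the stored header names stay untouched, while `x_header` starts matching both `X.header` and `X-header` and yields whichever comes first.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct hdr { const char *key; const char *value; };

/* Fold one header-name byte for comparison: lowercase (assumed), '-' -> '_',
 * and, only when fold_dot is set (the patched behaviour), '.' -> '_'.
 * The fold works on a copy of the byte; the header itself is not modified. */
static char fold(char ch, int fold_dot)
{
    if (ch >= 'A' && ch <= 'Z') return (char)(ch | 0x20);
    if (ch == '-') return '_';
    if (fold_dot && ch == '.') return '_';
    return ch;
}

/* Return the value of the first header whose folded name equals var_suffix
 * (the variable name after "upstream_http_"), or NULL if none matches. */
const char *lookup(const struct hdr *h, size_t n, const char *var_suffix,
                   int fold_dot)
{
    size_t len = strlen(var_suffix);

    for (size_t i = 0; i < n; i++) {
        size_t k = 0;
        if (strlen(h[i].key) != len) continue;
        while (k < len && fold(h[i].key[k], fold_dot) == var_suffix[k]) k++;
        if (k == len) return h[i].value;
    }
    return NULL;
}

/* Constructed sample: an upstream response carrying both spellings. */
static const struct hdr sample[] = {
    { "X.header", "dot-value"  },
    { "X-header", "dash-value" },
};

int main(void)
{
    const char *before = lookup(sample, 2, "x_header", 0);
    const char *after  = lookup(sample, 2, "x_header", 1);

    printf("unpatched: %s\n", before ? before : "(none)");
    printf("patched:   %s\n", after ? after : "(none)");
    printf("stored name still: %s\n", sample[0].key);
    return 0;
}
```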