[nginx] Improved logging of invalid headers.
Maxim Dounin
mdounin at mdounin.ru
Mon Jun 28 18:36:38 UTC 2021
details: https://hg.nginx.org/nginx/rev/b87b7092cedb
branches:
changeset: 7884:b87b7092cedb
user: Maxim Dounin <mdounin at mdounin.ru>
date: Mon Jun 28 18:01:20 2021 +0300
description:
Improved logging of invalid headers.
In 71edd9192f24 logging of invalid headers which were rejected with the
NGX_HTTP_PARSE_INVALID_HEADER error was restricted to just the "client
sent invalid header line" message, without any attempts to log the header
itself.
This patch returns logging of the header up to the invalid character and
the character itself. The r->header_end pointer is now properly set
in all cases to make logging possible.
The same logging is also introduced when parsing headers from upstream
servers.
diffstat:
src/http/modules/ngx_http_fastcgi_module.c | 10 ++++++----
src/http/modules/ngx_http_proxy_module.c | 10 ++++++----
src/http/modules/ngx_http_scgi_module.c | 10 ++++++----
src/http/modules/ngx_http_uwsgi_module.c | 10 ++++++----
src/http/ngx_http_parse.c | 5 +++++
src/http/ngx_http_request.c | 4 +++-
6 files changed, 32 insertions(+), 17 deletions(-)
diffs (137 lines):
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_fastcgi_module.c
--- a/src/http/modules/ngx_http_fastcgi_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_fastcgi_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -2019,10 +2019,12 @@ ngx_http_fastcgi_process_header(ngx_http
break;
}
- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -2019,10 +2019,12 @@ ngx_http_proxy_process_header(ngx_http_r
return NGX_AGAIN;
}
- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_scgi_module.c
--- a/src/http/modules/ngx_http_scgi_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_scgi_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -1140,10 +1140,12 @@ ngx_http_scgi_process_header(ngx_http_re
return NGX_AGAIN;
}
- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/modules/ngx_http_uwsgi_module.c Mon Jun 28 18:01:20 2021 +0300
@@ -1361,10 +1361,12 @@ ngx_http_uwsgi_process_header(ngx_http_r
return NGX_AGAIN;
}
- /* there was error while a header line parsing */
-
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent invalid header");
+ /* rc == NGX_HTTP_PARSE_INVALID_HEADER */
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "upstream sent invalid header: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/ngx_http_parse.c Mon Jun 28 18:01:20 2021 +0300
@@ -894,6 +894,7 @@ ngx_http_parse_header_line(ngx_http_requ
}
if (ch <= 0x20 || ch == 0x7f || ch == ':') {
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
}
@@ -962,6 +963,7 @@ ngx_http_parse_header_line(ngx_http_requ
}
if (ch <= 0x20 || ch == 0x7f) {
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
}
@@ -984,6 +986,7 @@ ngx_http_parse_header_line(ngx_http_requ
r->header_end = p;
goto done;
case '\0':
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
default:
r->header_start = p;
@@ -1007,6 +1010,7 @@ ngx_http_parse_header_line(ngx_http_requ
r->header_end = p;
goto done;
case '\0':
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
}
break;
@@ -1022,6 +1026,7 @@ ngx_http_parse_header_line(ngx_http_requ
case LF:
goto done;
case '\0':
+ r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER;
default:
state = sw_value;
diff -r 41f4bd4c51f1 -r b87b7092cedb src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Mon Jun 28 18:01:18 2021 +0300
+++ b/src/http/ngx_http_request.c Mon Jun 28 18:01:20 2021 +0300
@@ -1522,7 +1522,9 @@ ngx_http_process_request_headers(ngx_eve
/* rc == NGX_HTTP_PARSE_INVALID_HEADER */
ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid header line");
+ "client sent invalid header line: \"%*s\\x%02xd...\"",
+ r->header_end - r->header_name_start,
+ r->header_name_start, *r->header_end);
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
break;
More information about the nginx-devel
mailing list