shrpx: Error parsing headers
amxml opened this issue · 6 comments
I use shrpx 1.2.3 with --spdy-proxy in front of Squid proxy.
It seems shrpx fails when meets invalid response headers and returns 502 error in this case.
It would be better to ignore invalid request and response headers as all browsers do (or at least to add configuration parameter to enable this behaviour).
I can reproduce this issue trying to open http://mandrillapp.com/ (you may need to clean browser cache to reproduce this).
There is invalid header in server response 'HTTP 1/1 302:'
$ telnet mandrillapp.com 80
Trying 54.195.25.150...
Connected to mandrillapp.com.
Escape character is '^]'.
GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36
Host: mandrillapp.com
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.4
Date: Thu, 20 Feb 2014 08:38:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
HTTP 1/1 302:
Location: https://mandrillapp.com/
Content-Encoding: gzip
Vary: Accept-Encoding
shrpx log:
[INFO] [UPSTREAM:0x245a1f0] Received upstream SYN_STREAM stream_id=17
(shrpx_spdy_upstream.cc:147)
[INFO] [UPSTREAM:0x245a1f0] HTTP request headers. stream_id=17
:host: mandrillapp.com
:method: GET
:path: /
:scheme: http
:version: HTTP/1.1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
accept-encoding: gzip,deflate,sdch
accept-language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
cache-control: max-age=0
cookie: PHPSESSID=e22943c3ea34910c270db2a2893ccee0; __utma=189480631.1949845358.1392884864.1392884864.1392884864.1; __utmb=189480631.1.10.1392884864; __utmc=189480631; __utmz=189480631.1392884864.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
user-agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36
(shrpx_spdy_upstream.cc:216)
[INFO] [CLIENT_HANDLER:0x23d5840] Downstream connection pool is empty. Create new one
(shrpx_client_handler.cc:320)
[INFO] [DCONN:0x245f280] Attaching to DOWNSTREAM:0x243aae0
(shrpx_http_downstream_connection.cc:74)
[INFO] [DCONN:0x245f280] Connecting to downstream server
(shrpx_http_downstream_connection.cc:93)
[INFO] [DCONN:0x245f280] HTTP request headers. stream_id=17
GET http://mandrillapp.com/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control: max-age=0
Cookie: PHPSESSID=e22943c3ea34910c270db2a2893ccee0; __utma=189480631.1949845358.1392884864.1392884864.1392884864.1; __utmb=189480631.1.10.1392884864; __utmc=189480631; __utmz=189480631.1392884864.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36
Host: mandrillapp.com
X-Forwarded-For: 10.10.10.10
X-Forwarded-Proto: http
Via: 1.1 shrpx
(shrpx_http_downstream_connection.cc:208)
[INFO] [DCONN:0x245f280] Connection established. stream_id=17
(shrpx_spdy_upstream.cc:584)
[INFO] [DCONN:0x245f280] HTTP parser failure: (HPE_INVALID_HEADER_TOKEN) invalid character in header
(shrpx_http_downstream_connection.cc:467)
[INFO] [DCONN:0x245f280] HTTP parser failure
(shrpx_spdy_upstream.cc:534)
10.10.10.10 [Thu Feb 20 08:27:55 2014] 502 17 "GET http://mandrillapp.com/ HTTP/1.1"
[INFO] [UPSTREAM:0x245a1f0] Stream stream_id=17 is being closed
(shrpx_spdy_upstream.cc:99)
[INFO] [DOWNSTREAM:0x243aae0] Deleting
(shrpx_downstream.cc:67)
[INFO] [DOWNSTREAM:0x243aae0] Deleted
(shrpx_downstream.cc:77)
shrpx config:
spdy-proxy=yes
frontend=0.0.0.0,443
backend=127.0.0.1,3128
workers=1
private-key-file=/etc/shrpx/server.key
certificate-file=/etc/shrpx/server.crt
log-level=INFO
accesslog=yes
add-x-forwarded-for=yes
pid-file=/var/run/shrpx.pid
user=proxy
65781d0 loosen the check for header field and effectively fixes this issue.
It sill does not work because non-strict http-parser mode only whitelist SPC and this broken server sends '/' in headers.
Is it possible to just ignore invalid headers instead of cancelling request/response processing?
I believe 03391f0 fix this issue.
Please test it and report the result here.
I wasn't able to check all cases with invalid headers, but at least the reported issue is fixed.
Thank you!