HaProxy 在请求中用 + 字符替换所有空格
HaProxy replace all white spaces with a + character in request
我在查询字符串中收到一个带有空格的 URL,但 HaProxy 将此类请求标记为错误请求我正在尝试使用 reqrep 参数但什么也没有。
例子
http://example.com?ip=10.10.10.10, 1.0.0.0&xyz=abc
space between 10, 1 is not getting resolved by HaProxy.
URI 中的 Spaces 被 RFC-3986 禁止,因此您实质上是在要求 HAProxy 接受明显无效的请求。它不会。 Space 个字符无效,400 Bad Request 是正确的回答。如果您从客户端收到此消息,则客户端已损坏。
HAProxy 有一个代理指令 option accept-invalid-http-request 稍微放松了解析器以允许某些损坏的客户端行为起作用,但文档指出即使使用此选项也永远不允许使用 ASCII 0x20(十进制 32)已启用。
By default, HAProxy complies with RFC7230 in terms of message parsing. This means that invalid characters in header names are not permitted and cause an error to be returned to the client. This is the desired behavior as such forbidden characters are essentially used to build attacks exploiting server weaknesses, and bypass security filtering. Sometimes, a buggy browser or server will emit invalid header names for whatever reason (configuration, implementation) and the issue will not be immediately fixed. In such a case, it is possible to relax HAProxy's header name parser to accept any character even if that does not make sense, by specifying this option. Similarly, the list of characters allowed to appear in a URI is well defined by RFC3986, and chars 0-31, 32 (space), 34 ('"'), 60 ('<'), 62 ('>'), 92 ('\'), 94 ('^'), 96 ('`'), 123 ('{'), 124 ('|'), 125 ('}'), 127 (delete) and anything above are not allowed at all. HAProxy always blocks a number of them (0..32, 127). The remaining ones are blocked by default unless this option is enabled. (emphasis added)
您不能使用 reqrep 修改已经无效的消息。
我在查询字符串中收到一个带有空格的 URL,但 HaProxy 将此类请求标记为错误请求我正在尝试使用 reqrep 参数但什么也没有。
例子
http://example.com?ip=10.10.10.10, 1.0.0.0&xyz=abc
space between 10, 1 is not getting resolved by HaProxy.
Spaces 被 RFC-3986 禁止,因此您实质上是在要求 HAProxy 接受明显无效的请求。它不会。 Space 个字符无效,400 Bad Request 是正确的回答。如果您从客户端收到此消息,则客户端已损坏。
HAProxy 有一个代理指令 option accept-invalid-http-request 稍微放松了解析器以允许某些损坏的客户端行为起作用,但文档指出即使使用此选项也永远不允许使用 ASCII 0x20(十进制 32)已启用。
By default, HAProxy complies with RFC7230 in terms of message parsing. This means that invalid characters in header names are not permitted and cause an error to be returned to the client. This is the desired behavior as such forbidden characters are essentially used to build attacks exploiting server weaknesses, and bypass security filtering. Sometimes, a buggy browser or server will emit invalid header names for whatever reason (configuration, implementation) and the issue will not be immediately fixed. In such a case, it is possible to relax HAProxy's header name parser to accept any character even if that does not make sense, by specifying this option. Similarly, the list of characters allowed to appear in a URI is well defined by RFC3986, and chars 0-31, 32 (space), 34 ('"'), 60 ('<'), 62 ('>'), 92 ('\'), 94 ('^'), 96 ('`'), 123 ('{'), 124 ('|'), 125 ('}'), 127 (delete) and anything above are not allowed at all. HAProxy always blocks a number of them (0..32, 127). The remaining ones are blocked by default unless this option is enabled. (emphasis added)
您不能使用 reqrep 修改已经无效的消息。