A representative of our client, whose application stack lives in the Microsoft cloud (Azure), raised a problem: recently, some requests from some clients in Europe had started ending with error 400 (
One of the applications is an API through which all traffic ultimately arrives. This traffic is listened to by the HTTP server
The error in Ingress looked like this:
{
"number_fields":{
"status":400,
"request_time":0.001,
"bytes_sent":465,
"upstream_response_time":0,
"upstream_retries":0,
"bytes_received":2328
},
"stream":"stdout",
"string_fields":{
"ingress":"app",
"protocol":"HTTP/1.1",
"request_id":"f9ab8540407208a119463975afda90bc",
"path":"/api/sign-in",
"nginx_upstream_status":"400",
"service":"app",
"namespace":"production",
"location":"/front",
"scheme":"https",
"method":"POST",
"nginx_upstream_response_time":"0.000",
"nginx_upstream_bytes_received":"120",
"vhost":"api.app.example.com",
"host":"api.app.example.com",
"user":"",
"address":"83.41.81.250",
"nginx_upstream_addr":"10.240.0.110:80",
"referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
"service_port":"http",
"user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
"time":"2019-03-06T18:29:16+00:00",
"content_kind":"cache-headers-not-present",
"request_query":""
},
"timestamp":"2019-03-06 18:29:16",
"labels":{
"app":"nginx",
"pod-template-generation":"6",
"controller-revision-hash":"1682636041"
},
"namespace":"kube-nginx-ingress",
"nsec":6726612,
"source":"kubernetes",
"host":"k8s-node-55555-0",
"pod_name":"nginx-v2hcb",
"container_name":"nginx",
"boolean_fields":{}
}
At the same time, Kestrel returned:
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0
Even at maximum verbosity, the Kestrel error contained very little useful information:
{
"number_fields":{"ThreadId":76},
"stream":"stdout",
"string_fields":{
"EventId":"{\"Id\"=>17, \"Name\"=>\"ConnectionBadRequest\"}",
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ConnectionId":"0HLL2VJSST5KV",
"@mt":"Connection id \"{ConnectionId}\" bad request data: \"{message}\"",
"@t":"2019-03-07T13:06:48.1449083Z",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.\n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)\n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"message":"Malformed request: invalid headers."
},
"timestamp":"2019-03-07 13:06:48",
"labels":{
"pod-template-hash":"2368795483",
"service":"app"
},
"namespace":"production",
"nsec":145341848,
"source":"kubernetes",
"host":"k8s-node-55555-1",
"pod_name":"app-67bdcf98d7-mhktx",
"container_name":"app",
"boolean_fields":{}
}
It seemed that only tcpdump would help solve this problem... but I will repeat the point about the traffic chain:
Investigation
Obviously, it is better to listen to the traffic on the specific node where Kubernetes has placed the pod: the dump will then be small enough that at least something can be found fairly quickly. And indeed, while examining it, the following frame was noticed:
GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted;
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0
On closer inspection of the dump, the word M.laga was noticed. It is easy to guess that there is no city called M.laga in Spain (but there is
ingress.kubernetes.io/configuration-snippet: |
  proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
  proxy_set_header X-Nginx-Geo-Client-City $geoip_city;
After forwarding of these headers was disabled, everything worked fine! (It soon became clear that the application no longer needed these headers.)
Now let's look at the problem more generally. It can easily be reproduced inside the application by making a telnet request to localhost:80:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree
... returns 401 Unauthorized, as expected. What happens if we send:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Désirée
?
400 Bad request will be returned, and in the application log we get the error that is already familiar to us:
{
"@t":"2019-03-31T12:59:54.3746446Z",
"@mt":"Connection id \"{ConnectionId}\" bad request data: \"{message}\"",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.\n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)\n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"ConnectionId":"0HLLLR1J974L9",
"message":"Malformed request: invalid headers.",
"EventId":{
"Id":17,
"Name":"ConnectionBadRequest"
},
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ThreadId":71
}
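An added example, not part of the original article: a small Python check that scans a captured request for header values containing non-ASCII bytes, which is the condition the reproduction above isolates. The sample frame and the function names are constructed for illustration.

```python
# Added example, not from the original article. SAMPLE_FRAME is constructed,
# modelled on the captured frame above; the helper names are hypothetical.

def find_non_ascii_headers(raw: bytes):
    """Return (line_no, header_name, offending_bytes) for every header line
    whose value holds bytes outside printable ASCII (tab is allowed)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    findings = []
    # Line 1 is the request line, so header numbering starts at 2.
    for line_no, line in enumerate(head.split(b"\r\n")[1:], start=2):
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append((line_no, "<no colon>", line))
            continue
        bad = bytes(b for b in value if b != 0x09 and not 0x20 <= b <= 0x7E)
        if bad:
            findings.append((line_no, name.decode("ascii", "replace"), bad))
    return findings


# Constructed frame: the city name is sent as UTF-8 ("M\u00e1laga" is Malaga
# with an acute accent), as a geo header set by the proxy would carry it.
SAMPLE_FRAME = (
    b"GET /back/user HTTP/1.1\r\n"
    b"Host: api.app.example.com\r\n"
    b"X-Nginx-Geo-Client-Country: Spain\r\n"
    b"X-Nginx-Geo-Client-City: " + "M\u00e1laga".encode("utf-8") + b"\r\n"
    b"Accept-Encoding: gzip\r\n"
    b"\r\n"
)


def cookie_request(value: str) -> bytes:
    """Build the minimal telnet-style request used in the reproduction."""
    return (b"GET /back/user HTTP/1.1\r\nHost: api.app.example.com\r\n"
            b"Cookie: test=" + value.encode("utf-8") + b"\r\n\r\n")


if __name__ == "__main__":
    for line_no, name, bad in find_non_ascii_headers(SAMPLE_FRAME):
        print(f"line {line_no}: {name} carries non-ASCII bytes {bad!r}")
```

Run against a request reassembled from a dump, it points at the header to inspect instead of leaving the reader to spot a single `.` in the tcpdump output.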
Results
Specifically, Kestrel
An additional factor in our case is that the client does not currently plan to change the Kestrel implementation in the application. However, the issues in AspNetCore itself (
To sum up: this note is no longer about specific problems of Kestrel or UTF-8 (in 2019?!), but about the fact that attentiveness and a consistent study of every step you take while investigating a problem will bear fruit sooner or later. Good luck!
P.S.
Read also in our blog:
- "6 entertaining system bugs in operating Kubernetes [and their solutions]";
- "Kubernetes tips and tricks: custom error pages in NGINX Ingress";
- "Overview and comparison of Ingress controllers for Kubernetes";
- "Monitoring pings between Kubernetes nodes: our recipe";
- "3 unusual cases about the Linux network subsystem".
Source: www.habr.com