Ib tus neeg sawv cev ntawm peb cov neeg siv khoom, uas nws daim ntawv thov pawg nyob hauv Microsoft huab (Azure), tau hais txog qhov teeb meem: tsis ntev los no, qee qhov kev thov los ntawm qee cov neeg siv khoom hauv Tebchaws Europe pib xaus nrog qhov yuam kev 400 (). Txhua daim ntawv thov raug sau rau hauv .NET, xa tawm hauv Kubernetes...
Ib qho ntawm cov ntawv thov yog API, dhau los ntawm tag nrho cov tsheb khiav thaum kawg tuaj. Cov tsheb no tau mloog los ntawm HTTP server , teeb tsa los ntawm .NET tus neeg siv khoom thiab tuav hauv lub plhaub. Nrog kev debugging, peb muaj hmoo hauv kev nkag siab tias muaj ib tus neeg siv tshwj xeeb uas tau tsim tawm qhov teeb meem tas li. Txawm li cas los xij, txhua yam tau nyuaj los ntawm cov saw hlau tsheb:
Qhov yuam kev hauv Ingress zoo li no:
{
"number_fields":{
"status":400,
"request_time":0.001,
"bytes_sent":465,
"upstream_response_time":0,
"upstream_retries":0,
"bytes_received":2328
},
"stream":"stdout",
"string_fields":{
"ingress":"app",
"protocol":"HTTP/1.1",
"request_id":"f9ab8540407208a119463975afda90bc",
"path":"/api/sign-in",
"nginx_upstream_status":"400",
"service":"app",
"namespace":"production",
"location":"/front",
"scheme":"https",
"method":"POST",
"nginx_upstream_response_time":"0.000",
"nginx_upstream_bytes_received":"120",
"vhost":"api.app.example.com",
"host":"api.app.example.com",
"user":"",
"address":"83.41.81.250",
"nginx_upstream_addr":"10.240.0.110:80",
"referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
"service_port":"http",
"user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
"time":"2019-03-06T18:29:16+00:00",
"content_kind":"cache-headers-not-present",
"request_query":""
},
"timestamp":"2019-03-06 18:29:16",
"labels":{
"app":"nginx",
"pod-template-generation":"6",
"controller-revision-hash":"1682636041"
},
"namespace":"kube-nginx-ingress",
"nsec":6726612,
"source":"kubernetes",
"host":"k8s-node-55555-0",
"pod_name":"nginx-v2hcb",
"container_name":"nginx",
"boolean_fields":{}
}Tib lub sijhawm, Kestrel muab:
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0Txawm hais tias muaj qhov siab tshaj plaws, qhov yuam kev Kestrel muaj qhov tsis txaus ntseeg me ntsis cov ntaub ntawv tseem ceeb:
{
"number_fields":{"ThreadId":76},
"stream":"stdout",
"string_fields":{
"EventId":"{"Id"=>17, "Name"=>"ConnectionBadRequest"}",
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ConnectionId":"0HLL2VJSST5KV",
"@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
"@t":"2019-03-07T13:06:48.1449083Z",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"message":"Malformed request: invalid headers."
},
"timestamp":"2019-03-07 13:06:48",
"labels":{
"pod-template-hash":"2368795483",
"service":"app"
},
"namespace":"production",
"nsec":145341848,
"source":"kubernetes",
"host":"k8s-node-55555-1",
"pod_name":"app-67bdcf98d7-mhktx",
"container_name":"app",
"boolean_fields":{}
}Nws yuav zoo li tias tsuas yog tcpdump yuav pab daws qhov teeb meem no ... tab sis kuv yuav rov hais dua txog cov saw tsheb:
Kev tshawb nrhiav
Pom tseeb, nws yog qhov zoo dua los mloog kev khiav tsheb ntawm qhov tshwj xeeb node, qhov twg Kubernetes tau xa mus rau lub pod: qhov ntim ntawm cov pob tseg yuav zoo li uas nws yuav muaj peev xwm nrhiav tau yam tsawg kawg ib yam zoo nkauj sai sai. Thiab qhov tseeb, thaum kuaj xyuas nws, cov qauv hauv qab no tau pom:
GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted;
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0
Thaum los ze zog soj ntsuam ntawm lub pov tseg, lo lus tau pom M.laga. Nws yooj yim twv tias tsis muaj M.laga lub nroog hauv Spain (tab sis muaj ). Seizing ntawm lub tswv yim no, peb saib ntawm Ingress configs, qhov twg peb pom ib tug ntxig ib hlis dhau los (ntawm tus neeg thov kev thov) "hmoov" snippet:
ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
proxy_set_header X-Nginx-Geo-Client-City $geoip_city;Tom qab disabling lub forwarding ntawm cov headers, txhua yam ua tau zoo! (Nws sai sai tau pom tseeb tias daim ntawv thov nws tus kheej tsis xav tau cov headers lawm.)
Tam sim no cia saib qhov teeb meem feem ntau. Nws tuaj yeem tsim tau yooj yim hauv daim ntawv thov los ntawm kev thov telnet rau localhost:80:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree
... rov 401 Unauthorized, raws li xav tau. Yuav ua li cas yog peb ua:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=DΓ©sirΓ©e?
Yuav rov qab los 400 Bad request - hauv daim ntawv teev npe peb yuav tau txais qhov yuam kev uas twb paub peb lawm:
{
"@t":"2019-03-31T12:59:54.3746446Z",
"@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"ConnectionId":"0HLLLR1J974L9",
"message":"Malformed request: invalid headers.",
"EventId":{
"Id":17,
"Name":"ConnectionBadRequest"
},
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ThreadId":71
}Cov txiaj ntsim tau los
Tshwj xeeb yog Kestrel ua kom raug HTTP headers nrog cov cim tseeb hauv UTF-8, uas muaj nyob rau hauv cov npe ntawm ntau lub nroog.
Ib qho ntxiv hauv peb cov ntaub ntawv yog tias tus neeg siv khoom tam sim no tsis npaj hloov pauv kev siv Kestrel hauv daim ntawv thov. Txawm li cas los xij, teeb meem hauv AspNetCore nws tus kheej (, ) lawv hais tias qhov no yuav tsis pab...
Los xaus: daim ntawv tsis yog hais txog cov teeb meem tshwj xeeb ntawm Kestrel lossis UTF-8 (hauv 2019?!), tab sis hais txog qhov tseeb tias mindfulness thiab kev kawm tsis tu ncua Txhua kauj ruam koj ua thaum tshawb nrhiav cov teeb meem yuav sai lossis tom qab ntawd txi txiv. Hmoov zoo!
PS
Nyeem kuj ntawm peb blog:
- «»;
- «»;
- «»;
- «»;
- Β«".
Tau qhov twg los: www.hab.com