Ny solontenan'ny mpanjifanay, izay mipetraka ao amin'ny Microsoft cloud (Azure) ny antontan-taratasy fangatahana, dia niresaka olana: vao haingana, ny fangatahana sasany avy amin'ny mpanjifa sasany avy any Eoropa dia nanomboka nifarana tamin'ny fahadisoana 400 (). Ny fampiharana rehetra dia voasoratra ao amin'ny .NET, napetraka ao amin'ny Kubernetes...
Ny iray amin'ireo fampiharana dia ny API, izay hahatongavan'ny fifamoivoizana rehetra amin'ny farany. Ity fifamoivoizana ity dia henoin'ny mpizara HTTP , namboarina tamin'ny mpanjifa .NET ary nampiantranoina ao anaty pod. Miaraka amin'ny debugging, dia tsara vintana izahay amin'ny heviny fa nisy mpampiasa manokana izay namerina tsy tapaka ilay olana. Na izany aza, sarotra ny zava-drehetra noho ny rojo fifamoivoizana:
Ny fahadisoana ao amin'ny Ingress dia toa izao:
{
"number_fields":{
"status":400,
"request_time":0.001,
"bytes_sent":465,
"upstream_response_time":0,
"upstream_retries":0,
"bytes_received":2328
},
"stream":"stdout",
"string_fields":{
"ingress":"app",
"protocol":"HTTP/1.1",
"request_id":"f9ab8540407208a119463975afda90bc",
"path":"/api/sign-in",
"nginx_upstream_status":"400",
"service":"app",
"namespace":"production",
"location":"/front",
"scheme":"https",
"method":"POST",
"nginx_upstream_response_time":"0.000",
"nginx_upstream_bytes_received":"120",
"vhost":"api.app.example.com",
"host":"api.app.example.com",
"user":"",
"address":"83.41.81.250",
"nginx_upstream_addr":"10.240.0.110:80",
"referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
"service_port":"http",
"user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
"time":"2019-03-06T18:29:16+00:00",
"content_kind":"cache-headers-not-present",
"request_query":""
},
"timestamp":"2019-03-06 18:29:16",
"labels":{
"app":"nginx",
"pod-template-generation":"6",
"controller-revision-hash":"1682636041"
},
"namespace":"kube-nginx-ingress",
"nsec":6726612,
"source":"kubernetes",
"host":"k8s-node-55555-0",
"pod_name":"nginx-v2hcb",
"container_name":"nginx",
"boolean_fields":{}
}Nandritra izany fotoana izany, Kestrel dia nanome:
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0Na dia amin'ny fehezanteny ambony indrindra aza, ny hadisoan'i Kestrel dia tena nisy fampahalalana mahasoa kely:
{
"number_fields":{"ThreadId":76},
"stream":"stdout",
"string_fields":{
"EventId":"{"Id"=>17, "Name"=>"ConnectionBadRequest"}",
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ConnectionId":"0HLL2VJSST5KV",
"@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
"@t":"2019-03-07T13:06:48.1449083Z",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"message":"Malformed request: invalid headers."
},
"timestamp":"2019-03-07 13:06:48",
"labels":{
"pod-template-hash":"2368795483",
"service":"app"
},
"namespace":"production",
"nsec":145341848,
"source":"kubernetes",
"host":"k8s-node-55555-1",
"pod_name":"app-67bdcf98d7-mhktx",
"container_name":"app",
"boolean_fields":{}
}Toa ny tcpdump ihany no hanampy amin'ny famahana ity olana ity... fa averiko indray ny momba ny rojo fifamoivoizana:
fanadihadiana
Mazava ho azy fa tsara kokoa ny mihaino ny fifamoivoizana amin'io node manokana io, izay nametrahan'i Kubernetes pod: ny habetsahan'ny fanariam-pako dia ho azo atao ny mahita zavatra faran'izay haingana. Ary marina tokoa, rehefa nandinika azy io, dia voamarika ity frame manaraka ity:
GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted;
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0
Rehefa nojerena akaiky ilay fanariam-pako dia tsikaritra ny teny M.laga. Mora ny maminavina fa tsy misy tanΓ na M.laga any Espaina (fa misy ). Nahazo an'io hevitra io izahay dia nijery ny configs Ingress, izay nahitanay ilay nampidirina iray volana lasa izay (tamin'ny fangatahan'ny mpanjifa) "tsy mampidi-doza" snippet:
ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
proxy_set_header X-Nginx-Geo-Client-City $geoip_city;Taorian'ny nanesorana ny fandefasana ireo lohapejy ireo dia nilamina ny zava-drehetra! (Tsy ela dia nanjary nazava fa ny fampiharana mihitsy dia tsy mila ireo lohapejy ireo intsony.)
Andeha hojerentsika ny olana amin'ny ankapobeny. Azo averina mora foana ao anatin'ny fampiharana izany amin'ny alalan'ny fangatahana telnet localhost:80:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree
... miverina 401 Unauthorized, araka ny efa nampoizina. Inona no mitranga raha manao isika:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=DΓ©sirΓ©e?
Hiverina 400 Bad request β ao amin'ny log de application dia hahazo lesoka efa mahazatra antsika:
{
"@t":"2019-03-31T12:59:54.3746446Z",
"@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"ConnectionId":"0HLLLR1J974L9",
"message":"Malformed request: invalid headers.",
"EventId":{
"Id":17,
"Name":"ConnectionBadRequest"
},
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ThreadId":71
}vokatra
Indrindra indrindra, Kestrel manodinkodina tsara ny lohatenin'ny HTTP miaraka amin'ny tarehintsoratra marina ao amin'ny UTF-8, izay voarakitra ao amin'ny anaran'ny tanΓ na maro be.
Antony iray fanampiny amin'ny tranga misy antsika dia tsy mikasa ny hanova ny fampiharana ny Kestrel amin'ny fampiharana ny mpanjifa amin'izao fotoana izao. Na izany aza, ny olana ao amin'ny AspNetCore mihitsy (, ) hoy izy ireo fa tsy hanampy izany...
Raha fintinina: ny fanamarihana dia tsy momba ny olana manokana momba an'i Kestrel na UTF-8 (tamin'ny 2019?!), fa momba ny zava-misy fahatsiarovan-tena sy fianarana tsy tapaka Ny dingana rehetra ataonao eo am-pikarohana olana dia hamokatra na ho ela na ho haingana. Mirary anao ho tsara vintana!
Sal
Vakio ihany koa ao amin'ny bilaoginay:
- Β«";
- Β«";
- Β«";
- Β«";
- Β«".
Source: www.habr.com