Wakiil ka socda macmiilkayaga, kaas oo codsigiisa uu ku nool yahay daruuraha Microsoft (Azure), ayaa ka hadlay dhibaatada: dhawaan, qaar ka mid ah codsiyada macaamiisha qaarkood ee Yurub ayaa bilaabay inay ku dhameeyaan qalad 400 (). Dhammaan codsiyada waxay ku qoran yihiin .NET, oo la geeyay Kubernetes...
Mid ka mid ah codsiyada waa API, kaas oo dhammaan taraafikada ay ugu dambeyntii yimaadaan. Taraafikadan waxaa dhagaysta serverka HTTP , waxaa habeeyay macmiilka NET oo lagu marti galiyay boodh. Marka la tirtiro, waxaan nasiib u yeelanay dareenka in uu jiro isticmaale gaar ah oo si joogto ah u soo saaray dhibaatada. Si kastaba ha ahaatee, wax walba waxaa ku adkaaday silsiladda taraafikada:
Khaladka gudaha galay wuxuu u ekaa sidan:
{
"number_fields":{
"status":400,
"request_time":0.001,
"bytes_sent":465,
"upstream_response_time":0,
"upstream_retries":0,
"bytes_received":2328
},
"stream":"stdout",
"string_fields":{
"ingress":"app",
"protocol":"HTTP/1.1",
"request_id":"f9ab8540407208a119463975afda90bc",
"path":"/api/sign-in",
"nginx_upstream_status":"400",
"service":"app",
"namespace":"production",
"location":"/front",
"scheme":"https",
"method":"POST",
"nginx_upstream_response_time":"0.000",
"nginx_upstream_bytes_received":"120",
"vhost":"api.app.example.com",
"host":"api.app.example.com",
"user":"",
"address":"83.41.81.250",
"nginx_upstream_addr":"10.240.0.110:80",
"referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
"service_port":"http",
"user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
"time":"2019-03-06T18:29:16+00:00",
"content_kind":"cache-headers-not-present",
"request_query":""
},
"timestamp":"2019-03-06 18:29:16",
"labels":{
"app":"nginx",
"pod-template-generation":"6",
"controller-revision-hash":"1682636041"
},
"namespace":"kube-nginx-ingress",
"nsec":6726612,
"source":"kubernetes",
"host":"k8s-node-55555-0",
"pod_name":"nginx-v2hcb",
"container_name":"nginx",
"boolean_fields":{}
}Isla mar ahaantaana, Kestrel wuxuu bixiyay:
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0Xataa iyada oo leh hadalka ugu badan, qaladka Kestrel aad buu u koobnaa macluumaad yar oo faa'iido leh:
{
"number_fields":{"ThreadId":76},
"stream":"stdout",
"string_fields":{
"EventId":"{"Id"=>17, "Name"=>"ConnectionBadRequest"}",
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ConnectionId":"0HLL2VJSST5KV",
"@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
"@t":"2019-03-07T13:06:48.1449083Z",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"message":"Malformed request: invalid headers."
},
"timestamp":"2019-03-07 13:06:48",
"labels":{
"pod-template-hash":"2368795483",
"service":"app"
},
"namespace":"production",
"nsec":145341848,
"source":"kubernetes",
"host":"k8s-node-55555-1",
"pod_name":"app-67bdcf98d7-mhktx",
"container_name":"app",
"boolean_fields":{}
}Waxay u egtahay in kaliya tcpdump ay caawin doonto xallinta dhibaatadan ... laakiin waxaan ku celin doonaa silsiladda taraafikada:
Baaritaanka
Sida cad, way fiicantahay in la dhageysto taraafikada dhinacaas gaarka ah, halkaas oo Kubernetes ay geysay boodh: mugga qashin-qubka ayaa noqon doona sida ay suurtogal u tahay in la helo ugu yaraan shay si degdeg ah. Oo runtii, markii la baarayay, qaabkan soo socda ayaa la ogaaday:
GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted;
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare
HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0
Marka si dhow loo eego qashinka, ereyga ayaa la dareemay M.laga. Way fududahay in la qiyaaso in aysan jirin magaalada M.laga ee Spain (laakiin waxaa jira ). Qabashada fikraddan, waxaan eegnay qaab-dhismeedka Ingress, halkaas oo aan ku aragnay mid la geliyey bil ka hor (codsiga macmiilka) jajab "aan dhib lahayn".:
ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
proxy_set_header X-Nginx-Geo-Client-City $geoip_city;Ka dib markii ay curyaamiyeen gudbinta madaxyadan, wax walbaa way fiicnaadeen! (Waxay markiiba caddaatay in codsiga laftiisu aanu u baahnayn madaxyadan.)
Hadda aan eegno dhibaatada guud ahaan. Si fudud ayaa loogu soo saari karaa gudaha arjiga iyada oo la samaynayo codsi telnet ah localhost:80:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree
... soo noqda 401 Unauthorized, sida la filayo. Maxaa dhacaya haddii aan sameyno:
GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Désirée?
soo laaban doona 400 Bad request - Buugga arjiga waxaan ku heli doonaa qalad horeyba naqaanay:
{
"@t":"2019-03-31T12:59:54.3746446Z",
"@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
"@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
"ConnectionId":"0HLLLR1J974L9",
"message":"Malformed request: invalid headers.",
"EventId":{
"Id":17,
"Name":"ConnectionBadRequest"
},
"SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
"ThreadId":71
}Natiijooyinka
Gaar ahaan Kestrel si sax ah u habeeya madaxyada HTTP oo leh xarfaha saxda ah ee UTF-8, kuwaas oo ku jira magacyada tiro aad u badan oo magaalooyin ah.
Arrin dheeraad ah oo kiiskeena ah ayaa ah in macmiilku aanu hadda qorsheynayn inuu beddelo hirgelinta Kestrel ee codsiga. Si kastaba ha ahaatee, arrimaha ku jira AspNetCore lafteeda (, ) waxay yiraahdeen tani ma caawineyso...
Si loo soo koobo: qoraalku hadda kama hadlayo dhibaatooyinka gaarka ah ee Kestrel ama UTF-8 (2019?!), Laakiin ku saabsan xaqiiqda taas digtoonaan iyo daraasad joogto ah Tallaabo kasta oo aad qaado adigoo raadinaya dhibaatooyin ayaa mar dhow ama dambe midho dhalin doona. Nasiib wacan!
PS
Sidoo kale ka akhri boggayaga:
- «";
- «";
- «";
- «";
- «".
Source: www.habr.com