400 Bad Request and whitespace in headers

Justin Lloyd justinl at arena.net
Mon Jul 15 16:42:17 UTC 2024


Hi all,

I'm trying to figure out what the requests are that are resulting in the following Varnish responses and how to block them:

*   << Request  >> 39071654
-   Begin          req 39071653 rxreq
-   Timestamp      Start: 1721059686.537197 0.000000 0.000000
-   Timestamp      Req: 1721059686.537197 0.000000 0.000000
-   BogoHeader     Illegal char 0x20 in header name
-   HttpGarbage    "GET%00"
-   RespProtocol   HTTP/1.1
-   RespStatus     400
-   RespReason     Bad Request
-   ReqAcct        535 0 535 28 0 28
-   End

These are on AWS EC2 instances that are behind an Application Load Balancer (ALB) that is connected to a Web Application Firewall (WAF), so in theory I should be able to figure out a rule to add to the WAF to block these. I'd just need to get more information to do so, and AWS support could probably help, but I wanted to check here first if there's any way to get further information about such requests out of Varnish.

FWIW, the 0x20 is a space character, but there are also similar requests reporting 0x09 (horizontal tab) characters.

Thanks,
Justin
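
Added example, not part of the original post and not Varnish project code: a small Python parser for varnishlog output in the format quoted above. It picks out transactions whose BogoHeader record reports an illegal character and lists the byte, the HttpGarbage value, the received header byte count from ReqAcct, and the start time in UTC for comparison with timestamps in load balancer or WAF logs. The function names, the abridging of the first transaction, and the second and third sample transactions are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# First transaction is from the post (abridged); the other two are constructed.
SAMPLE = """\
*   << Request  >> 39071654
-   Timestamp      Start: 1721059686.537197 0.000000 0.000000
-   BogoHeader     Illegal char 0x20 in header name
-   HttpGarbage    "GET%00"
-   RespStatus     400
-   ReqAcct        535 0 535 28 0 28

*   << Request  >> 39071700
-   Timestamp      Start: 1721059700.000000 0.000000 0.000000
-   BogoHeader     Illegal char 0x09 in header name
-   RespStatus     400
-   ReqAcct        412 0 412 28 0 28

*   << Request  >> 39071710
-   RespStatus     200
"""

HEAD = re.compile(r"^\*+\s+<< \w+\s+>> (\d+)")
REC = re.compile(r"(?m)^-+[ \t]+(\w+)[ \t]*(.*)$")
BOGO = re.compile(r"Illegal char (0x[0-9a-fA-F]{2})")

def transactions(text):
    """Yield (vxid, {tag: [values]}) for each transaction block."""
    for block in re.split(r"(?m)^(?=\*+\s+<<)", text):
        if head := HEAD.match(block):
            tags = {}
            for tag, value in REC.findall(block):
                tags.setdefault(tag, []).append(value.strip())
            yield int(head[1]), tags

def rejected(text):
    """Yield a summary for each transaction whose BogoHeader names an illegal char."""
    for vxid, tags in transactions(text):
        char = BOGO.search(" ".join(tags.get("BogoHeader", [])))
        if not char:
            continue
        start = float(tags["Timestamp"][0].split()[1])
        yield {
            "vxid": vxid,
            "char": char[1],
            "garbage": tags.get("HttpGarbage", [None])[0],
            "utc": datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "rx_header_bytes": int(tags["ReqAcct"][0].split()[0]),  # header bytes received
        }
```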
