400 Bad Request and whitespace in headers
Guillaume Quintard
guillaume.quintard at gmail.com
Tue Jul 16 01:07:28 UTC 2024
Hi Justin!
What do you mean by "blocking" those requests? As you can see from the
logs, thye don't even reach vcl_recv before they are thrown out, so they
are technically already being rejected.
Kind regards,
--
Guillaume Quintard
On Mon, Jul 15, 2024 at 9:44 AM Justin Lloyd <justinl at arena.net> wrote:
> Hi all,
>
>
>
> I’m trying to figure out what the requests are that are resulting in the
> following Varnish responses and how to block them:
>
>
>
> * << Request >> 39071654
>
> - Begin req 39071653 rxreq
>
> - Timestamp Start: 1721059686.537197 0.000000 0.000000
>
> - Timestamp Req: 1721059686.537197 0.000000 0.000000
>
> - BogoHeader Illegal char 0x20 in header name
>
> - HttpGarbage "GET%00"
>
> - RespProtocol HTTP/1.1
>
> - RespStatus 400
>
> - RespReason Bad Request
>
> - ReqAcct 535 0 535 28 0 28
>
> - End
>
>
>
> These are on AWS EC2 instances that are behind an Application Load
> Balancer (ALB) that is connected to a Web Application Firewall (WAF), so in
> theory I should be able to figure out a rule to add to the WAF to block
> these. I’d just need to get more information to do so, and AWS support
> could probably help, but I wanted to check here first if there’s any way to
> get further information about such requests out of Varnish.
>
>
>
> FWIW, the 0x20 is a space character, but there are also similar requests
> reporting 0x09 (horizontal tab) characters.
>
>
>
> Thanks,
>
> Justin
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20240715/e184d361/attachment.html>
More information about the varnish-misc
mailing list