<<<<<<<<<<<<<<<<<<
:authority: dashboard.domain.com
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0
accept: text/css,*/*;q=0.1
accept-language: da,en-US;q=0.8,en;q=0.6,es;q=0.4,tr;q=0.2
accept-encoding: gzip, deflate, br
referer: https://dashboard.domain.com/stats/6
cookie: _ga=GA1.2.2085297229.1474098197
Wx1ZSI: XSRF-TOKEN=SECURE_TOKEN%3D
cookie: laravel_session=SECURE_SESSION%3D%3D
pragma: no-cache
cache-control: no-cache
#################

So, this Wx1ZSI usually should be “cookie” – however it’s somehow turned into garbage.

Repeated – now it’s s3U2JV – but still supposed to be “cookie”:

<<<<<<<<<<<<<<<<<<
:authority: dashboard.domain.com
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: da,en-US;q=0.8,en;q=0.6,es;q=0.4,tr;q=0.2
accept-encoding: gzip, deflate, br
referer: https://dashboard.domain.com/stats/1
cookie: _ga=GA1.2.2085297229.1474098197
s3U2JV: XSRF-TOKEN=SECURE_TOKEN%3D
cookie: laravel_session=SECURE_SESSION%3D%3D
upgrade-insecure-requests: 1
pragma: no-cache
cache-control: no-cache
#################

It’s consistently the cookie header that fails.

Some repeated requests, all related to cookie where header field became:

6InNEa
InVMdk

Best Regards,
Lucas Rolff

On 29/12/2017, 21.21, "Willy Tarreau" <w...@1wt.eu> wrote:

On Fri, Dec 29, 2017 at 06:56:36PM +0000, Lucas Rolff wrote:
> h2_make_h1_request:153
> h2_frt_decode_headers:2621
> h2_frt_decode_headers:2643
>
> /* this can be any type of header */
> /* RFC7540#8.1.2: upper case not allowed in header field names */
> for (i = 0; i < list[idx].n.len; i++)
>     if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A')
>         goto fail;
>
> That's an interesting place to fail

OK I can propose the attached patch which will dump all the requests to stderr, as they are received or extracted from the dynamic headers table. The patch needs to be applied without the previous ones. This will look like this :

<<<<<<<<<<<<<<<<<<
:authority: 127.0.0.1:4443
user-agent: curl/7.57.0
accept: */*
>>>>>>>>>>>>>>>>>
<<<<<<<<<<<<<<<<<<
:authority: 127.0.0.1:4443
user-agent: curl/7.57.0
accept: */*
aaa: AaA
>>>>>>>>>>>>>>>>>

The '<<<' and '>>>' enclose a request. The final one will instead use "###" to indicate that at least one bad char was received, or '!!!' to indicate that another error was met.
Please note that it will silently let the request pass through so you need to check the output to see if these "###" happen. Maybe we'll find a bug in the dynamic headers table causing some crap to be returned. Or maybe we'll find that a given browser occasionally sends a bad header.

Cheers,
willy
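
A way to triage the stderr dump described in this thread, as an added example (not part of the thread and not HAProxy code): it splits the output into requests by their closing marker and lists header names containing upper case together with the names on either side. It assumes one header per line as in the dumps above; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the dump format shown in the thread (not real traffic).
SAMPLE = """\
<<<<<<<<<<<<<<<<<<
:authority: 127.0.0.1:4443
user-agent: curl/7.57.0
accept: */*
>>>>>>>>>>>>>>>>>
<<<<<<<<<<<<<<<<<<
:authority: dashboard.domain.com
cookie: _ga=GA1.2.2085297229.1474098197
Wx1ZSI: XSRF-TOKEN=SECURE_TOKEN%3D
cookie: laravel_session=SECURE_SESSION%3D%3D
#################
"""

STATUS = {">": "ok", "#": "bad-char", "!": "error"}  # keyed by closing marker

def parse_dump(text):
    """Return a list of (status, headers); headers is a list of (name, value)."""
    requests, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"<{3,}", line):
            current = []                      # a new request starts
        elif current is not None and re.fullmatch(r">{3,}|#{3,}|!{3,}", line):
            requests.append((STATUS[line[0]], current))
            current = None
        elif current is not None and line:
            # Pseudo-headers begin with ':', so search for the separator from index 1.
            sep = line.find(":", 1)
            if sep == -1:
                sep = len(line)
            current.append((line[:sep], line[sep + 1:].strip()))
    return requests

def suspicious(requests):
    """List (request index, status, name, previous name, next name) for every
    header name containing upper case, which RFC7540#8.1.2 forbids."""
    hits = []
    for idx, (status, headers) in enumerate(requests):
        names = [n for n, _ in headers]
        for pos, name in enumerate(names):
            if re.search(r"[A-Z]", name):
                prev = names[pos - 1] if pos else None
                nxt = names[pos + 1] if pos + 1 < len(names) else None
                hits.append((idx, status, name, prev, nxt))
    return hits

if __name__ == "__main__":
    print(suspicious(parse_dump(SAMPLE)))
```

Run over a longer capture, the previous/next columns show whether the bad name always falls where a cookie header is expected.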