Nicolo Ballestriero
Bad request error due to not allowed caratter in the request
November 06, 2017 02:30PM
Good morning,

My HAproxy drops http connections made from an Hikvision devices because
I have a  <space> in the request. I tried to set the HAproxy  according
to this:

http://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4-option%20accept-invalid-http-request

The result didn't change, can you please give me a Hit? I can't change
the device behavior, but I need the request to be accepted

Thanks

Nicolo'

echo "show errors" | socat unix-connect:/var/run/haproxy.stat stdio
Total events captured on [06/Nov/2017:14:16:05.751] : 12

[06/Nov/2017:14:16:05.342] frontend http (#4): invalid request
backend <NONE> (#-1), server <NONE> (#-1), event #11
src 192.168.5.70:33373, session #18, session flags 0x00000088
HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000
HTTP chunk len 0 bytes, HTTP body len 0 bytes
buffer flags 0x00908002, out 0 bytes, total 1278 bytes
pending 1278 bytes, wrapping at 16392, error at position 35:

00000 POST /onvifevents/test.cgi HTTP/1.1 \r\n
00038 Accept-Encoding: gzip,deflate \r\n
00070 Content-Type: application/soap+xml; charset=utf-8\r\n
00121 Host: 192.168.5.239 \r\n
00143 Content-Length: 1092\r\n
00165 Connection: close\r\n
00184 \r\n
00186 <?xml version="1.0" encoding="UTF-8"?>\n
00225 <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"; x
00295+ mlns:tev="http://www.onvif.org/ver10/events/wsdl"; xmlns:wsa="http://w
00365+ ww.w3.org/2005/08/addressing" xmlns:tt="http://www.onvif.org/ver10/sc
00435+ hema" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"; xmlns:tns1="ht
00505+ tp://www.onvif.org/ver10/topics" >\n
00540 <soap:Header>\n
00554 <wsa:To soap:mustUnderstand="true">http://192.168.5.239:80/onvifevents
00624+ /test.cgi</wsa:To>\n
00643 <wsa:Action>http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/N
00713+ otify</wsa:Action>\n
00732 </soap:Header>\n
00747 <soap:Body>\n
00759 <wsnt:Notify>\n
00773 <wsnt:NotificationMessage>\n
00800 <wsnt:Topic Dialect="http://www.onvif.org/ver10/tev/topicExpression/Co
00870+ ncreteSet">tns1:Device/Trigger/DigitalInput</wsnt:Topic>\n
00927 <wsnt:Message>\n
00942 <tt:Message UtcTime="2017-11-06T13:45:57Z" PropertyOperation="Changed"
01012+ >\n
01014 <tt:Source>\n
01026 <tt:SimpleItem Name="InputToken" Value="DigitalInputToken002"/>\n
01090 </tt:Source>\n
01103 <tt:Data>\n
01113 <tt:SimpleItem Name="LogicalState" Value="false"/>\n
01164 </tt:Data>\n
01175 </tt:Message>\n
01189 </wsnt:Message>\n
01205 </wsnt:NotificationMessage>\n
01233 </wsnt:Notify>\n
01248 </soap:Body>\n
01261 </soap:Envelope>\n
Ciao Nicolo,


2017-11-06 14:19 GMT+01:00 Nicolo Ballestriero <[email protected]>:
> Good morning,
>
> My HAproxy drops http connections made from an Hikvision devices because I
> have a <space> in the request. I tried to set the HAproxy according to
> this:

This is really in the request line, its a space between HTTP/1.1 and
\r\n. I don't see how haproxy will ever support such a broken requests
at all.

The option to accept invalid http requests relaxes some checks in
haproxy, however it does not mean that haproxy can parse every invalid
request that is out there.


If your backend server is able to handle the requests, you may switch
to tcp mode, so that haproxy does not look into the HTTP request at
all. But other than that, I don't have any suggestions.


Best regards,
Lukas
Sorry, only registered users may post in this forum.

Click here to login