Viktor, "All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field."
Is from RFC 2616 I can confirm (the gist above) that akka-http is doing that with curl -H "host:" However, what I haven't confirmed yet is what akka-http is doing with no Host header present. (I'd need to fork some well-conforming library and break it.) On Mon, Jul 20, 2015 at 8:15 AM, Viktor Klang <viktor.kl...@gmail.com> wrote: > Adam, > > you'd like Akka Http to respond with a 400 in case Host is omitted? > What does the spec mandate? > > > On Mon, Jul 20, 2015 at 3:09 PM, Adam Shannon <adam.shan...@banno.com> > wrote: > >> Viktor, >> >> My main concern here has been the throwing of exceptions. It was a bit >> confusing to see that (along with "Internal server error, sending 500 >> response") when it seems akka-http is handling this fine. >> >> It seems like when trying to re-produce this with curl akka-http responds >> with a 400 as per RFC2616: >> https://gist.github.com/SpicyMonadz/b844ce4503e145fda7ee >> >> So perhaps this is with an http client that is intentionally not setting >> the Host header at all? >> >> Another thing of note with this. If your akka-http instances are behind a >> properly functioning proxy or load balancer I don't think you'd be impacted >> by this, because nginx seems to be properly handling these requests. >> >> On Mon, Jul 20, 2015 at 4:21 AM, Viktor Klang <viktor.kl...@gmail.com> >> wrote: >> >>> Hi Adam, >>> >>> What should it do instead of throwing the exception? >>> (In case it is legal according to the HTTP spec please point the section >>> out to me, thanks!) >>> >>> On Mon, Jul 20, 2015 at 7:08 AM, Adam Shannon <adam.shan...@banno.com> >>> wrote: >>> >>>> I wouldn't say undesired behavior so much as something that we should >>>> work to fix within akka-http as to not throw the exception. I'm not seeing >>>> app crashes as have been reported by others. >>>> >>>> Ernesto, do you have a stand alone case? I could probably create one if >>>> not. >>>> >>>> On Sun, Jul 19, 2015 at 5:00 PM, Viktor Klang <viktor.kl...@gmail.com> >>>> wrote: >>>> >>>>> Adam, >>>>> >>>>> thank you. Are you observing any undesired behavior from Akka Http >>>>> related to those requests? >>>>> >>>>> On Sun, Jul 19, 2015 at 10:43 PM, Adam Shannon <adam.shan...@banno.com >>>>> > wrote: >>>>> >>>>>> I have some logs of this happening to me as well. I'm running on EC2 >>>>>> in us-east-1. I've got nginx and elb in front of these akka-http >>>>>> instances. >>>>>> Here's a few stack traces from the instances as well as nginx access >>>>>> logs. >>>>>> >>>>>> https://gist.github.com/SpicyMonadz/b844ce4503e145fda7ee >>>>>> >>>>>> These requests aren't killing my jvm instances fyi. I'm on >>>>>> akka-http-* 1.0 >>>>>> >>>>>> On Sun, Jul 19, 2015 at 2:33 PM, Viktor Klang <viktor.kl...@gmail.com >>>>>> > wrote: >>>>>> >>>>>>> Do you have a copy of the actual HTTP request that we could use as a >>>>>>> regression test? >>>>>>> >>>>>>> On Sun, Jul 19, 2015 at 8:26 PM, Ernesto Menéndez <pya...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> I received the same request several times when I was hosting my >>>>>>>> service at DigitalOcean using akka-http RC4. I had to restart the >>>>>>>> service >>>>>>>> each time. >>>>>>>> >>>>>>>> Now that I moved my service to another provider and updated to >>>>>>>> akka-http 1.0, I still haven't got this kind of request or maybe I just >>>>>>>> haven't noticed as It has been working fine for a couple of hours. >>>>>>>> I'll >>>>>>>> let you know if I see the problem again. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Sunday, July 19, 2015 at 9:53:47 AM UTC-6, Nicolau Werneck wrote: >>>>>>>>> >>>>>>>>> I am working on this pet project of mine, and I had an HTTP >>>>>>>>> service built with akka-http on-line. The other day I found out it was >>>>>>>>> unavailable, and when I checked in the logs it appears I was a victim >>>>>>>>> of >>>>>>>>> this attack: >>>>>>>>> >>>>>>>>> http://www.skepticism.us/2015/05/13/ >>>>>>>>> >>>>>>>>> I lost the error message, but it was pretty clear that the >>>>>>>>> described request dropped my server, and the problem was the absence >>>>>>>>> of the >>>>>>>>> `Host` header. >>>>>>>>> >>>>>>>>> Now, isn't this something akka-http, or any HTTP server or >>>>>>>>> framework, should be robust to? Is there anything I should or could >>>>>>>>> have >>>>>>>>> done as a user to prevent this problem, or should I be filing a bug >>>>>>>>> report? >>>>>>>>> Also, what is a proper way to keep the service running? I was just >>>>>>>>> calling >>>>>>>>> sbt from the command line, really experimental, I know there are >>>>>>>>> better >>>>>>>>> ways out there but I don't know where to start. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> ++nic >>>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>> >>>>>>>>>> Check the FAQ: >>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>> >>>>>>>>>> Search the archives: >>>>>>>> https://groups.google.com/group/akka-user >>>>>>>> --- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "Akka User List" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to akka-user+unsubscr...@googlegroups.com. >>>>>>>> To post to this group, send email to akka-user@googlegroups.com. >>>>>>>> Visit this group at http://groups.google.com/group/akka-user. >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Cheers, >>>>>>> √ >>>>>>> >>>>>>> -- >>>>>>> >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>> >>>>>>>>>> Check the FAQ: >>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>> >>>>>>>>>> Search the archives: >>>>>>> https://groups.google.com/group/akka-user >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Akka User List" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to akka-user+unsubscr...@googlegroups.com. >>>>>>> To post to this group, send email to akka-user@googlegroups.com. >>>>>>> Visit this group at http://groups.google.com/group/akka-user. >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Adam Shannon | Software Engineer | Banno | Jack Henry >>>>>> 206 6th Ave Suite 1020 | Des Moines, IA 50309 | Cell: 515.867.8337 >>>>>> >>>>>> -- >>>>>> >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>> >>>>>>>>>> Check the FAQ: >>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>> >>>>>>>>>> Search the archives: >>>>>> https://groups.google.com/group/akka-user >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Akka User List" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to akka-user+unsubscr...@googlegroups.com. >>>>>> To post to this group, send email to akka-user@googlegroups.com. >>>>>> Visit this group at http://groups.google.com/group/akka-user. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Cheers, >>>>> √ >>>>> >>>>> -- >>>>> >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>> >>>>>>>>>> Check the FAQ: >>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>> >>>>>>>>>> Search the archives: >>>>> https://groups.google.com/group/akka-user >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Akka User List" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to akka-user+unsubscr...@googlegroups.com. >>>>> To post to this group, send email to akka-user@googlegroups.com. >>>>> Visit this group at http://groups.google.com/group/akka-user. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>>> >>>> -- >>>> Adam Shannon | Software Engineer | Banno | Jack Henry >>>> 206 6th Ave Suite 1020 | Des Moines, IA 50309 | Cell: 515.867.8337 >>>> >>>> -- >>>> >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>> >>>>>>>>>> Check the FAQ: >>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>> >>>>>>>>>> Search the archives: >>>> https://groups.google.com/group/akka-user >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "Akka User List" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to akka-user+unsubscr...@googlegroups.com. >>>> To post to this group, send email to akka-user@googlegroups.com. >>>> Visit this group at http://groups.google.com/group/akka-user. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> Cheers, >>> √ >>> >>> -- >>> >>>>>>>>>> Read the docs: http://akka.io/docs/ >>> >>>>>>>>>> Check the FAQ: >>> http://doc.akka.io/docs/akka/current/additional/faq.html >>> >>>>>>>>>> Search the archives: >>> https://groups.google.com/group/akka-user >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Akka User List" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to akka-user+unsubscr...@googlegroups.com. >>> To post to this group, send email to akka-user@googlegroups.com. >>> Visit this group at http://groups.google.com/group/akka-user. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Adam Shannon | Software Engineer | Banno | Jack Henry >> 206 6th Ave Suite 1020 | Des Moines, IA 50309 | Cell: 515.867.8337 >> >> -- >> >>>>>>>>>> Read the docs: http://akka.io/docs/ >> >>>>>>>>>> Check the FAQ: >> http://doc.akka.io/docs/akka/current/additional/faq.html >> >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user >> --- >> You received this message because you are subscribed to the Google Groups >> "Akka User List" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to akka-user+unsubscr...@googlegroups.com. >> To post to this group, send email to akka-user@googlegroups.com. >> Visit this group at http://groups.google.com/group/akka-user. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Cheers, > √ > > -- > >>>>>>>>>> Read the docs: http://akka.io/docs/ > >>>>>>>>>> Check the FAQ: > http://doc.akka.io/docs/akka/current/additional/faq.html > >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user > --- > You received this message because you are subscribed to the Google Groups > "Akka User List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to akka-user+unsubscr...@googlegroups.com. > To post to this group, send email to akka-user@googlegroups.com. > Visit this group at http://groups.google.com/group/akka-user. > For more options, visit https://groups.google.com/d/optout. > -- Adam Shannon | Software Engineer | Banno | Jack Henry 206 6th Ave Suite 1020 | Des Moines, IA 50309 | Cell: 515.867.8337 -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscr...@googlegroups.com. To post to this group, send email to akka-user@googlegroups.com. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.
