Hi Baptiste, In our production setup. The flow will be like this:
incoming clients request --> *HAProxy* (as a load balancer) --> Nginx (as a router) --> App servers (java and ruby) In our java app servers, sometime there is an exception log complained by 'Netty' (our java web server) with a message something like this: java.lang.IllegalArgumentException: Header value contains a prohibited character '\f': ga^L???`? at org.jboss.netty.handler.codec.http.HttpHeaders.validateHeaderValue(HttpHeaders.java:1079) ~[io.netty.netty-3.9.3.Final.jar:na] at org.jboss.netty.handler.codec.http.DefaultHttpHeaders.validateHeaderValue0(DefaultHttpHeaders.java:128) ~[io.netty.netty-3.9.3.Final.jar:na] ... It's complaining about the 'invalid characters' on the header. But I can't seem to reproduce it manually, because I'm myself not sure what kind of 'invalid' characters it had. So now I'm wondering, what kind of filter that already done automatically by HAProxy as default? And how if I want to add extra 'regex' filter in the HAProxy for incoming headers, for let say I only want to allow [a-Z0-9] for example. (So I can make sure if the error msg still occurring that's mean the traffic didn't come from HAProxy) It's hard to parse all the logs because quite big of a traffic, so I want to do a trial-error approach. Regards, Firman On Fri, Aug 28, 2015 at 1:55 PM, Baptiste <bed...@gmail.com> wrote: > > Le 28 août 2015 06:31, "Firman Gautama" <firman.gaut...@gmail.com> a > écrit : > > > > Hello All, > > > > I was just wondering what is the best way if we want to filter all > headers by certain regex to block invalid/malicious characters? > > I read on the documentation, CMIIW, but the example there only shown if > we know the specific header name. > > Does anybody know how to filter all the http headers with specific > regex, so we could discard all the traffic with the invalid headers and > only forward the good one. > > > > Regards, > > Firman Gautama > > Hi Firman, > > This is already haproxy's default behavior. > Do you have an example of a 'weird' character which passed through? > > Baptiste >