Hi Justin! What do you mean by "blocking" those requests? As you can see from the logs, thye don't even reach vcl_recv before they are thrown out, so they are technically already being rejected.
Kind regards, -- Guillaume Quintard On Mon, Jul 15, 2024 at 9:44 AM Justin Lloyd <[email protected]> wrote: > Hi all, > > > > I’m trying to figure out what the requests are that are resulting in the > following Varnish responses and how to block them: > > > > * << Request >> 39071654 > > - Begin req 39071653 rxreq > > - Timestamp Start: 1721059686.537197 0.000000 0.000000 > > - Timestamp Req: 1721059686.537197 0.000000 0.000000 > > - BogoHeader Illegal char 0x20 in header name > > - HttpGarbage "GET%00" > > - RespProtocol HTTP/1.1 > > - RespStatus 400 > > - RespReason Bad Request > > - ReqAcct 535 0 535 28 0 28 > > - End > > > > These are on AWS EC2 instances that are behind an Application Load > Balancer (ALB) that is connected to a Web Application Firewall (WAF), so in > theory I should be able to figure out a rule to add to the WAF to block > these. I’d just need to get more information to do so, and AWS support > could probably help, but I wanted to check here first if there’s any way to > get further information about such requests out of Varnish. > > > > FWIW, the 0x20 is a space character, but there are also similar requests > reporting 0x09 (horizontal tab) characters. > > > > Thanks, > > Justin > > > _______________________________________________ > varnish-misc mailing list > [email protected] > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
