Handling duplicated headers

[luis....@interactive3g.com]

Hi,

I am facing an issue where I am getting http requests with a duplicated HTTP Content-length header. NGINX is returning an error 400 Bad Request and it seems that this is hardcoded in the nginx source code [1]

Is there any way to sanitize these headers in Lua before nginx begin to parse them ? I have done some tests with header_filter_by_lua, but it seems this is executed after NGINX headers parsing.

Thanks,

Luis

[1] https://github.com/nginx/nginx/blob/master/src/http/ngx_http_request.c#L109 and https://github.com/nginx/nginx/blob/master/src/http/ngx_http_request.c#L1587

[Robert Paprocki]

Header filter lua handling is for responses, not requests. If your client is sending a request with duplicate content length headers (something that very much violates spec), Nginx doesn't (and shouldn't) be able to handle this, and it's a bad request. Beyond this, request header processing is done after this, and won't be any help. Better fix your client instead. 

--
You received this message because you are subscribed to the Google Groups "openresty-en" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openresty-en...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Luis Gasca]

I have no control over those invalid requests and it seems that Apache handles this with mod_headers (RequestHeader edit directive).
Just hoping that Openresty would have the equivalent to this.

[Robert Paprocki]

Ngx lua can indeed manipulate request headers, but if Nginx sees the request as bad, you're out of luck.