[prev in list] [next in list] [prev in thread] [next in thread] 

List:       haproxy
Subject:    Re: BAD REQUEST
From:       Willy Tarreau <w () 1wt ! eu>
Date:       2011-09-27 19:09:34
Message-ID: 20110927190934.GA26260 () 1wt ! eu
[Download RAW message or body]

Hello Vivien,

On Tue, Sep 27, 2011 at 04:40:34PM +0200, maynardkeenan@free.fr wrote:
> Hello HAProxy community !
> 
> Do you think that HAProxy can block a request if spaces (and not %20) are located \
> in the URI ? 
> HAProxy.log:
> 
> <NOSRV> -1/-1/-1/-1/0 400 87 - - PRNN 0/0/0/0/0 0/0 "<BADREQ>"
> 
> The url is like this :
> 
> https://www.example.com/myapp/server.pt/wrapper/FFFRA_0_109898_4595_417_938_43/fff-a \
> ps/pt_action?javax.portlet.PT_PORTLET_NAME_KEY=Container&AWHA_selectedAcFamily=4138 \
> 30&AWHA revDate=32303 =41495553&AWHA _HeChOn=4865

Yes if posted like this, since this is not a valid URI at all. However,
I'd bet that your client would encode them and send them as '+' or '%20'.

A valid request has :
  - a method
  - exactly one space
  - a URI
  - exactly one space
  - a version
  - CRLF

Hoping this helps,
Willy


[prev in list] [next in list] [prev in thread] [next in thread]