search

dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License
35.09k stars 9.91k forks source link

Kestrel BadHttpRequestException: Url with space in path is misinterpreted as bad http version #18264

Closed Kiechlus closed 4 years ago

Kiechlus commented 4 years ago

This works: https://rhs-d15.robotics-rd.stryker.com/api/v1.2/facilities/foobar

Now adding a space: https://rhs-d15.robotics-rd.stryker.com/api/v1.2/facilities/foo%20bar

This fails with HTTP Status Code 505 Bad Http Version:

Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Unrecognized HTTP version: 'bar HTTP/1.1'
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpParser`1.RejectUnknownVersion(Byte* version, Int32 length)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpParser`1.ParseRequestLine(TRequestHandler handler, Byte* data, Int32 length)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpParser`1.ParseRequestLine(TRequestHandler handler, ReadOnlySequence`1& buffer, SequencePosition& consumed, SequencePosition& examined)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.ParseRequest(ReadOnlySequence`1& buffer, SequencePosition& consumed, SequencePosition& examined)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequestsAsync[TContext](IHttpApplication`1 application)

So he somehow misinterprets what is coming after the space as http version!

Running on aks with kubernetes 1.13.10 on mcr.microsoft.com/dotnet/core/aspnet:3.1 image behind a nginx ingress controller and an additional nginx. Their error logs are as follows:

95.243.167.66 - [195.243.167.66] - - [10/Jan/2020:16:12:18 +0000] "GET /api/v1.2/facilities/foo%20bar HTTP/2.0" 505 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0" 31 0.010 [default-api-gateway-80] 10.115.0.58:80 0 0.012 505 7e4aee8a709de6d48361b3a5e98c94b2
10.115.0.99 - - [10/Jan/2020:16:12:18 +0000] "GET /api/v1.2/facilities/foo%20bar HTTP/1.1" 505 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
analogrelay commented 4 years ago

Running on aks with kubernetes 1.13.10 on mcr.microsoft.com/dotnet/core/aspnet:3.1 image behind a nginx ingress controller and an additional nginx. Their error logs are as follows:

Is your ingress decoding the URL? What is the actual URL as it arrives at Kestrel? The exception message indicates that what Kestrel is getting is an unescaped space. We know that if Kestrel recieves a properly escaped %20 space in the URL it should work properly.

Kiechlus commented 4 years ago

You are right, when I directly route from the kubernetes ingress to the service, without our custom nginx, it works.