Kestrel在提供流量时抛出“无效的主机头”错误

时间:2019-05-14 18:50:42

标签: asp.net-core kestrel-http-server

我们最近已将ASP.NET MVC 5应用程序迁移到ASP.NET Core 2.2。

一切似乎都正常,但是我们经常收到以下异常消息(每秒大约三遍,稍后会更多):

BadHttpRequestException: Invalid Host header: '~^appname.*$'
  Module "Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException", line 0, col 0, in Throw
    Void Throw(Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.RequestRejectionReason, System.String)
  Module "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection", line 95, col 0, in EnsureHostHeaderExists
    Void EnsureHostHeaderExists()
  Module "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection", line 196, col 0, in TryParseRequest
    Boolean TryParseRequest(System.IO.Pipelines.ReadResult, Boolean ByRef)
  Module "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol+<ProcessRequests>d__185`1", line 170, col 0, in MoveNext
    Void MoveNext()
  Module "System.Runtime.ExceptionServices.ExceptionDispatchInfo", line 12, col 0, in Throw
    Void Throw()
  Module "System.Runtime.CompilerServices.TaskAwaiter", line 46, col 0, in HandleNonSuccessAndDebuggerNotification
    Void HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
  Module "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol+<ProcessRequestsAsync>d__184`1", line 135, col 0, in MoveNext
    Void MoveNext()

在与我们的运营团队成员协商后,很明显,我们有三个HAProxy实例都大约每秒检查一次应用程序的每个节点。

对此应用程序的每个请求都将按以下顺序进行:

HAProxy-> Nginx-> Kestrel / ASP.NET Core应用程序

我的问题是,我如何确定这里发生的事情?

2 个答案:

答案 0 :(得分:3)

当前版本的Kestrel(我们使用的是ASP.NET Core 2.2)不支持HTTP访问日志记录。

看到此问题:Support access logging with Common Log Format/Extended Log Format

为了找出问题,我必须让我们的运营团队查看我们的nginx日志(nginx是我们正在使用的反向代理),以确定带有无效主机头的请求来自何处。

该问题原来是配置错误的状态检查应用程序。

答案 1 :(得分:1)

我想您应该在此处传递一些有效的网址,星号或正斜杠

负责解析的代码在https://github.com/aspnet/KestrelHttpServer/blob/b8a1c04ffbeee6c60a74766142ff3e2e6779d701/src/Kestrel.Core/Internal/Http/Http1Connection.cs

        public void OnStartLine(HttpMethod method, HttpVersion version, Span<byte> target, Span<byte> path, Span<byte> query, Span<byte> customMethod, bool pathEncoded)
        {
            Debug.Assert(target.Length != 0, "Request target must be non-zero length");

            var ch = target[0];
            if (ch == ByteForwardSlash)
            {
                // origin-form.
                // The most common form of request-target.
                // https://tools.ietf.org/html/rfc7230#section-5.3.1
                OnOriginFormTarget(method, version, target, path, query, customMethod, pathEncoded);
            }
            else if (ch == ByteAsterisk && target.Length == 1)
            {
                OnAsteriskFormTarget(method);
            }
            else if (target.GetKnownHttpScheme(out var scheme))
            {
                OnAbsoluteFormTarget(target, query);
            }
            else
            {
                // Assume anything else is considered authority form.
                // FYI: this should be an edge case. This should only happen when
                // a client mistakenly thinks this server is a proxy server.
                OnAuthorityFormTarget(method, target);
            }

            Method = method != HttpMethod.Custom
                ? HttpUtilities.MethodToString(method) ?? string.Empty
                : customMethod.GetAsciiStringNonNullCharacters();
            _httpVersion = version;

            Debug.Assert(RawTarget != null, "RawTarget was not set");
            Debug.Assert(Method != null, "Method was not set");
            Debug.Assert(Path != null, "Path was not set");
            Debug.Assert(QueryString != null, "QueryString was not set");
            Debug.Assert(HttpVersion != null, "HttpVersion was not set");
        }

例如,我们在Host标头中发送LoadBalancer的主机,例如dc-lb.company-dc.lan,在您的情况下,我猜它应该是您的HAProxy实例的主机名