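http - "400 Bad Request" in answer to a (seemingly) correct HTTP request
Problem description
I have a device, a Geiger counter, which is programmed to make an HTTP request on my local network to an Apache server on the same network. The server always answers with "400 Bad request". Consistent with this, Apache's error log shows: "AH00566: request failed: malformed request line".
Now I copy this "malformed" line from the Wireshark output and enter it into a browser (both Firefox and Chrome used): the server gives a 200 response and, of course, no error. So it looks like the HTTP request is correct. Why is it not when it comes from the Geiger counter?
Shouldn't Wireshark give the answer? I have reached the limit of my ability to interpret Wireshark and hope you can help.
I have attached the two Wireshark entries, request and response, fully expanded, in the hope that they contain what I need to look at.
Edit: I have now added the mod_log_forensic module to my Apache server. This should give me all header information before and after requests are processed. Regrettably, it gives me all the header information when a request succeeds, but nothing at all when it fails, as with my "malformed request". I don't see any options to set for this module :-((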
HTTP request of device at 10.0.0.42 to server at 10.0.0.20:
====================================================================================================
Frame 67003: 165 bytes on wire (1320 bits), 165 bytes captured (1320 bits) on interface 0
Interface id: 0 (enp3s0)
Interface name: enp3s0
Encapsulation type: Ethernet (1)
Arrival Time: Sep 4, 2021 10:28:38.486223543 CEST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1630744118.486223543 seconds
[Time delta from previous captured frame: 0.317684532 seconds]
[Time delta from previous displayed frame: 63.093693181 seconds]
[Time since reference or first frame: 3654.295052488 seconds]
Frame Number: 67003
Frame Length: 165 bytes (1320 bits)
Capture Length: 165 bytes (1320 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Espressi_36:ac:ba (a0:20:a6:36:ac:ba), Dst: AsustekC_c3:68:12 (ac:22:0b:c3:68:12)
Destination: AsustekC_c3:68:12 (ac:22:0b:c3:68:12)
Address: AsustekC_c3:68:12 (ac:22:0b:c3:68:12)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Espressi_36:ac:ba (a0:20:a6:36:ac:ba)
Address: Espressi_36:ac:ba (a0:20:a6:36:ac:ba)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.0.42, Dst: 10.0.0.20
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 151
Identification: 0x0006 (6)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 127
Protocol: TCP (6)
Header checksum: 0x271e [validation disabled]
[Header checksum status: Unverified]
Source: 10.0.0.42
Destination: 10.0.0.20
Transmission Control Protocol, Src Port: 17062, Dst Port: 80, Seq: 1, Ack: 1, Len: 111
Source Port: 17062
Destination Port: 80
[Stream index: 347]
[TCP Segment Len: 111]
Sequence number: 1 (relative sequence number)
[Next sequence number: 112 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window size value: 2920
[Calculated window size: 2920]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xf631 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.004491340 seconds]
[Bytes in flight: 111]
[Bytes sent since last PSH flag: 111]
[Timestamps]
[Time since first frame in this TCP stream: 0.322175872 seconds]
[Time since previous frame in this TCP stream: 0.317684532 seconds]
TCP payload (111 bytes)
Hypertext Transfer Protocol
GET /?AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14 HTTP/1.1\n
[Expert Info (Chat/Sequence): GET /?AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14 HTTP/1.1\n]
[GET /?AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14 HTTP/1.1\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /?AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14
Request URI Path: /
Request URI Query: AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14
Request URI Query Parameter: AID=0123
Request URI Query Parameter: GID=4567
Request URI Query Parameter: CPM=22
Request URI Query Parameter: ACPM=20.39
Request URI Query Parameter: uSV=0.14
Request Version: HTTP/1.1
Host: 10.0.0.20\r\n
Connection: close\r\n
Accept: */*\r\n
\r\n
[Full request URI: http://10.0.0.20/?AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14]
[HTTP request 1/1]
[Response in frame: 67005]
====================================================================================================
====================================================================================================
HTTP response of server at 10.0.0.20 to device at 10.0.0.42 :
====================================================================================================
Frame 67005: 538 bytes on wire (4304 bits), 538 bytes captured (4304 bits) on interface 0
Interface id: 0 (enp3s0)
Interface name: enp3s0
Encapsulation type: Ethernet (1)
Arrival Time: Sep 4, 2021 10:28:38.486469123 CEST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1630744118.486469123 seconds
[Time delta from previous captured frame: 0.000198404 seconds]
[Time delta from previous displayed frame: 0.000245580 seconds]
[Time since reference or first frame: 3654.295298068 seconds]
Frame Number: 67005
Frame Length: 538 bytes (4304 bits)
Capture Length: 538 bytes (4304 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:http:data-text-lines]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: AsustekC_c3:68:12 (ac:22:0b:c3:68:12), Dst: Espressi_36:ac:ba (a0:20:a6:36:ac:ba)
Destination: Espressi_36:ac:ba (a0:20:a6:36:ac:ba)
Address: Espressi_36:ac:ba (a0:20:a6:36:ac:ba)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: AsustekC_c3:68:12 (ac:22:0b:c3:68:12)
Address: AsustekC_c3:68:12 (ac:22:0b:c3:68:12)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.0.20, Dst: 10.0.0.42
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 524
Identification: 0x8870 (34928)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x9c3e [validation disabled]
[Header checksum status: Unverified]
Source: 10.0.0.20
Destination: 10.0.0.42
Transmission Control Protocol, Src Port: 80, Dst Port: 17062, Seq: 1, Ack: 112, Len: 484
Source Port: 80
Destination Port: 17062
[Stream index: 347]
[TCP Segment Len: 484]
Sequence number: 1 (relative sequence number)
[Next sequence number: 485 (relative sequence number)]
Acknowledgment number: 112 (relative ack number)
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window size value: 64129
[Calculated window size: 64129]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x25ca [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
[SEQ/ACK analysis]
[iRTT: 0.004491340 seconds]
[Bytes in flight: 484]
[Bytes sent since last PSH flag: 484]
[Timestamps]
[Time since first frame in this TCP stream: 0.322421452 seconds]
[Time since previous frame in this TCP stream: 0.000198404 seconds]
TCP payload (484 bytes)
Hypertext Transfer Protocol
HTTP/1.1 400 Bad Request\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 400 Bad Request\r\n]
[HTTP/1.1 400 Bad Request\r\n]
[Severity level: Chat]
[Group: Sequence]
Response Version: HTTP/1.1
Status Code: 400
[Status Code Description: Bad Request]
Response Phrase: Bad Request
Date: Sat, 04 Sep 2021 08:28:38 GMT\r\n
Server: Apache/2.4.18 (Ubuntu)\r\n
Content-Length: 302\r\n
[Content length: 302]
Connection: close\r\n
Content-Type: text/html; charset=iso-8859-1\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.000245580 seconds]
[Request in frame: 67003]
[Request URI: http://10.0.0.20/?AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14]
File Data: 302 bytes
Line-based text data: text/html (10 lines)
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n
<html><head>\n
<title>400 Bad Request</title>\n
</head><body>\n
<h1>Bad Request</h1>\n
<p>Your browser sent a request that this server could not understand.<br />\n
</p>\n
<hr>\n
<address>Apache/2.4.18 (Ubuntu) Server at meinserver Port 80</address>\n
</body></html>\n
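Solution
This question found its answer at Wireshark: https://ask.wireshark.org/question/24316/where-do-i-even-look-to-find-the-reason-for-a-400-bad-request/?answer=24330#post-id-24330
The problem is that the Geiger counter forms an HTTP request that does not fully conform to the HTTP rules: https://datatracker.ietf.org/doc/html/rfc7230#section-3.5
Namely, it ends the HTTP request with LF only, whereas it should send CRLF.
A Microsoft ASP server accepts this, whereas an Apache server rejects it as a security issue (https://httpd.apache.org/security/vulnerabilities_24.html, scroll to: "important: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)")
This can be overcome by inserting
HttpProtocolOptions Unsafe
into apache2.conf. Tested on my local Apache server, and it works!
I wonder how admins will feel about inserting the word "Unsafe" into their config files...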
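The LF/CRLF mismatch described in the answer can be found mechanically. The following is an added example, not code from the original post: it rebuilds the 111-byte request from the Wireshark dissection above and reports every header-section line that is not terminated by CRLF. The function names are illustrative.

```python
# Request bytes reconstructed from the Wireshark dissection of frame 67003:
# the request line ends in a bare LF, every header line in CRLF.
CAPTURED = (
    b"GET /?AID=0123&GID=4567&CPM=22&ACPM=20.39&uSV=0.14 HTTP/1.1\n"
    b"Host: 10.0.0.20\r\n"
    b"Connection: close\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)


def split_head(raw: bytes):
    """Yield (line_no, content, terminator) for each line of the header section.

    The terminator is CRLF, a bare LF, or empty (data ended without one).
    Iteration stops after the empty line that closes the header section.
    """
    pos, line_no = 0, 1
    while pos < len(raw):
        lf = raw.find(b"\n", pos)
        if lf == -1:
            yield line_no, raw[pos:], b""
            return
        if lf > pos and raw[lf - 1:lf] == b"\r":
            content, term = raw[pos:lf - 1], b"\r\n"
        else:
            content, term = raw[pos:lf], b"\n"
        yield line_no, content, term
        if content == b"":
            return
        pos, line_no = lf + 1, line_no + 1


def line_ending_problems(raw: bytes):
    """Return (line_no, problem, content) for lines not cleanly ended by CRLF."""
    problems = []
    for line_no, content, term in split_head(raw):
        if term != b"\r\n":
            problems.append((line_no, "bare LF" if term else "no terminator", content))
        if b"\r" in content:
            problems.append((line_no, "bare CR", content))
    return problems


def with_crlf(raw: bytes) -> bytes:
    """Re-emit the header section with CRLF after every line."""
    return b"".join(content + b"\r\n" for _, content, _ in split_head(raw))


if __name__ == "__main__":
    print(line_ending_problems(CAPTURED))
```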