I want to block/disable HTTP TRACE method on RabbitMq.
Basically, what I want is, when we hit RabbitMQ HTTP port like below, it should say, "HTTP/1.1 405 Method Not Allowed" for TRACE method.
$curl -v -X TRACE http://server-name:15672
Related
I'm reverse proxying a websocket backend API with spring-cloud-gateway 2.2.3. When this backend API rejects some websocket handshake request with a 401 Unauthorized status response, then spring-cloud-gateway still returns a 101 handshake status to the client (which gets confused and then misbehaves)
I need spring-cloud-gateway to return the original 401 websocket handshake error to the client so the SCG reverse proxy is transparent to the client (which is conforming to the WebSocket specs handshake)
Here are the full wiretap traces and exception (I have redacted hostnames).
The client-side response in this WSS request is available as a HAR file captured from chrome and which displays in chrome
as this screenpshot.
Here is my spring cloud gateway configuration
spring:
cloud:
gateway:
routes:
- id: route_shield
uri: https://shield-webui-cf-mysql.nd-int-cfapi.was.redacted
predicates:
- Host=**
filters:
- SetRequestHostHeader=shield-webui-cf-mysql.nd-int-cfapi.was.redacted
ssl:
useInsecureTrustManager: true
I'm wondering whether this is a spring-cloud-gateway bug, or a desired behavior which I can override.
To override it, here are alternatives I'm considering:
using circuit breaker filter and fallback to a local handler returning a 401
write a custom post-filter
Override/patch the WebsocketRoutingFilter
However my debugger breakpoint in the handle(WebSocketSession session) method does not trigger, suspecting it is not called
Likely would need to provide a RequestUpgradeStrategy bean as an alternative to the default implementation of org.springframework.web.reactive.socket.server.upgrade.ReactorNettyRequestUpgradeStrategy#getNativeResponse mentionned in the trace
io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: Invalid handshake response getStatus: 401 Unauthorized
at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:274) ~[netty-codec-http-4.1.51.Final.jar:4.1.51.Final]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
|_ checkpoint ⇢ http://localhost:8080/v2/events [ReactorNettyRequestUpgradeStrategy]
I'm trying to create an API using Fluentd that receives events via HTTP, parses those events, and then returns the parsed event data to the client in the response.
I have been able to set up the HTTP endpoint in Fluentd and verify that it is receiving data. However, from the documentation, I cannot find a way to return data to the client in the response body.
I'm starting from the standard HTTP example in the Fluentd docs:
<source>
#type http
#id input_http
port 8888
</source>
<match debug.**>
#type stdout
#id output_stdout
</match>
And when I curl the endpoint
curl -i -X POST -d 'json={"json":"message"}' http://localhost:8888/debug.test
this is what I get:
HTTP/1.1 200 OK
Content-Type: text/plain
Connection: Keep-Alive
Content-Length: 0
So the endpoint is working, but I need it to return data to the client.
How could I modify my config to return data in the response, in addition to the status code information? Do I need to add an output or can this be accomplished by modifying the input? Obviously I will need to add a parser or exec filter of some type to modify the data before it is returned, but right now, I am just trying to get it to return the request body.
Fluentd is logs aggregator and collector with inputs, outputs and transformation. It doesn't work as API like you are desiring.
I wanted to use NiFi's posthttp/invokeHttp processor to post a PDF to an API.
But considering the following cURL request to replicate in NiFi:
curl -X POST "http://ipaddress:port/api/" -H "accept: application/json" -H
"Content-Type: multipart/form-data" -F "pdf_file=#sample.pdf;
type=application/pdf"
Which property takes the -F information in nifi attributes?
Configuration for invokehttp right now:
error:
"400 Bad Request: The browser (or proxy) sent a request that this server could not understand."
Configration for posthttp right now:
error:
server logs: readv() failed (104: Connection reset by peer) while reading upstream
In older version of nifi you will have to use your own script to build a multipart request and then use invoke to create post request. You can refer to this post for a ExecuteGroovyScript example.
https://stackoverflow.com/a/57204862
Since Nifi 1.12 you can directly use invokeHTTP by setting content-type
https://stackoverflow.com/a/69284300
When you use PostHttp/InvokeHttp you wouldn't be referencing an external file, you would be sending the content of the flow file. So you would first need to bring sample.pdf into NiFi by using GetFile or ListFile/FetchFile and then flow file coming out of those processors represents the PDF, and you would route that flow file to InvokeHttp which would POST the content of the flow file (the pdf).
< HTTP/1.1 405 Method Not Allowed
< Allow: POST, GET, OPTIONS, HEAD
< Content-Length: 0
< Date: Fri, 26 May 2017 12:05:36 GMT
< Server: myservername
Hi whenever i do a curl request to my application using HTTP TRACE method . The above response displays .
Can someone tell me the steps to hide the "Allow: POST, GET, OPTIONS, HEAD" and "Server: myservername" information. How to hide these two in my TOMCAT6
By default Tomcat automatically responds to TRACE requests with a status code 405 and the headers you showed.
To change this behaviour you can do the following:
Allow TRACE requests to reach your servlets. This is done by settings the allowTrace attribute to true on a connector: https://tomcat.apache.org/tomcat-5.5-doc/config/http.html#Common_Attributes
In your servlet detect and handle the TRACE request and the send only the headers you want to send.
I think you should not take so much attention about that.
You launched a HTTP request with the method TRACE.
The answer tells you that method TRACE is not supported (Status 405) and provides available and supported method in the header Allow : POST, GET, OPTIONS, HEAD
All of this is perfectly acceptable and seems like a normal behaviour.
About the Server header, you have some details here
We have configured NTLM authentication using SSPI on apache due to which the authentication is three steps, where there are two 401 responses followed by 201/200 response.
Now in IE browser, this breaks because of - Why "Content-Length: 0" in POST requests?
Apache web server sends a 400 bad request response due to empty post request due to which POST on the server breaks.
How can I configure Apache to not treat this as 400 BAD request and process it normally?