400 Bad Request when using NGINX proxy to avoid adblock

[peterwilli]

Hi,

I'm currently trying to get loggly js logging working trough my nginx network (see: https://github.com/loggly/loggly-jslogger#setup-proxy-for-ad-blockers). Somehow it does not work and always gives me '400 Bad Request'-errors.

I'm using the config file in the example as-is (no changes made) and the API request works just fine if I remove my own domain name from the url and replace it by: http://logs-01.loggly.com

So it works when I have no nginx in between, so I believe it's nginx to blame but I just can't place what it could be.

Anyone else having this problem? Thanks!

[peterwilli]

_UPDATE_
Figured it out! After some time of debugging, Apparently Loggly doesnt like cloudflare headers. I changes my config to this and everything is fine now:

#Proxy to Loggly
location /loggly/ {

    rewrite ^/loggly/(.*)$ /$1 break;  # remove the '/loggly' part from the path, leaving /inputs/xxxxxxxx-xxxx-.../tag/xxx
    proxy_set_header Host logs-01.loggly.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;

    proxy_set_header  CF-IPCountry "";
    proxy_set_header  CF-RAY "";
    proxy_set_header  CF-Visitor "";
    proxy_set_header  CF-Connecting-IP "";

    proxy_pass http://logs-01.loggly.com;
}

[mostlyjason]

@peterwilli FYI we recently added a new component which should process these events with the CF headers. If you need them try adding them back in when ready.

[SegersIan]

I'am still facing issues with CloudFlare headers. So seems it's not entirely fixed ? 🤔

[Katulus]

@SegersIan Can you provide more information? This issue is closed for over 3 years. Is your scenario the same as in initial post? Are you using NGINX proxy? Can you provide your configuration, what you send and what you receive?

[SegersIan]

@Katulus Sorry, didn't saw your response. My issuer is not NGIX specific, but I noticed that the following header from cloudflare seems to throw a 400 :

Cf-Visitor: {"scheme":"http"}

I discovered this by first logging to some service like request bin, and then repeating the same request to the loggly API.

This means it's not an NGIX issue, nor a loggle-jslogger issue, where should I consider opening this issue?

EDIT: I've send the following to support:
Hi there.

I'am trying to log to Loggly from my CloudFlare web workers. When I do a post request to my Loggly API endpoint, a 400 response is thrown for my request.

This is an example of the headers that are set by CloudFlare:

{
  "content-length": "252",
  "accept-encoding": "gzip",
  "cf-ray": "49d223d4b0f7c665-MAD",
  "x-forwarded-proto": "https",
  "cf-visitor": "{\"scheme\":\"https\"}",
  "content-type": "text/plain",
  "cf-ew-via": "15",
  "cdn-loop": "cloudflare; subreqs=1",
  "cf-connecting-ip": "2a06:98c0:3600:0:0:0:0:103"
}

This would work :

curl -X POST \
  http://logs-01.loggly.com/inputs/<my-token>/tag/ \
  -H 'Content-Type: text/plain' \
  -d '"Hello world"'

But not :

curl -X POST \
  http://logs-01.loggly.com/inputs/<my-token>/tag/ \
  -H 'Content-Type: text/plain' \
  -H 'cf-visitor: {\"scheme\":\"https\"}' \
  -d '"Hello world"'

I can only remove the cd-visitor header by creating my own proxy so the header would be omitted. Would it be possible to handle a header like this? Or should I work around it myself?

Looking forward to your feedback.
Kind Regards

[Katulus]

@SegersIan Thanks for the info. It looks that our endpoint has issues with {,} and " in the header value. We need to investigate it a bit more. Your support case was moved to our backlog for further investigation. I can't give you any timeline though.

[Katulus]

@SegersIan , this should be now fixed. cf-visitor header won't break things anymore. Can you give it a try?