-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
invalid_request, CaseClauseError #74
Comments
Could this be HTTPS health checks sent to an HTTP listener? |
No, that's not it. |
Thanks for the report! The discrepancy between 0.6.4 and earlier versions is due to a return argument I'd missed in refactoring; it's fixed on the linked PR. In terms of the overall issue of verbose logging, I suspect that Cowboy is also erroring on these same connections, but is doing so silently as is its general policy (Bandit logs loudly on error cases by design). What you're seeing on the earlier versions is intended, though we should be passing through the underlying error (I've got this fix on the PR as well). Is it possible for you to test against a Bandit branch and report back as to the error you're seeing? The See #76 for the branch to test against. |
Do you have any idea about what client is making this request, or anything else that can characterize things from the client side? |
It looks like the response you sent me via DM is a verbatim copy of (part of) the client request. They don't parse as either HTTP/2 or WebSocket payloads, so I'm not really sure what to suggest here other than that it may be an SSL request. I don't know how much further we can go on covering this with tests unless we can glean more info out of any client info you can provide. In the meantime I'm going to merge #76. |
GitHub automation mistakenly closed this issue. I'll re-open it in anticipation of more client info. |
It seems like it is an HTTPS request after all. In the messages that are logged, the first bytes are always |
Good sleuthing! The error message has been updated in #76 to log these cases more simply (and to prevent the Thanks for the issue! |
I updated to the latest version from main, but I'm still seeing these error messages:
I'd appreciate better error messages. Sentry isn't able to recognize these errors as the same, so it's mayhem over there... |
Drag. I'll dig a bit deeper tomorrow and hopefully get to the bottom of it. Now that we have a known repro case it should be straightforward. |
|
There is one observable difference between Cowboy and Bandit, easily reproducible by just running any plain HTTP server and running With Bandit, curl returns With Cowboy, I'm getting an error from the used SSL library, e.g. I don't know whether one of the implementations is more correct than the other. |
Bandit special cases the tls preamble specifically to log on this server side. From there it'll forcibly close the connection which is why you're seeing a difference in behaviour. They're both to spec, since that corner of tls is undefined |
I configured Bandit in a Phoenix 1.7-rc.0 / LiveView application. Ever since making the change, I'm getting
invalid_request
errors. In one application, this occurs periodically during deployments, in another one, it happens throughout the day, about 60 times per hour, which makes me think that it has something to do with health checks.In any case, Cowboy does not log or raise errors under the same circumstances.
Before Bandit 0.6.4, this is what gets logged:
After upgrading to Bandit 0.6.4, we're getting a
CaseClauseError
instead:I guess the
:invalid_request
error comes from here:bandit/lib/bandit/http1/adapter.ex
Line 76 in 422651d
This means that
:erlang.decode_packet/3
returns an HTTP error, but unfortunately, Bandit discards the reason.While we haven't figured out what exactly causes the invalid requests, this should probably be handled gracefully?
The text was updated successfully, but these errors were encountered: