ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

CSF UI: Transform HTTP headers to lower-case

https://mail.forum.configserver.com/viewtopic.php?t=13083

Page 1 of 1

CSF UI: Transform HTTP headers to lower-case

Posted: 04 Mar 2024, 06:46
by poralix
Hello,

The PERL script /etc/csf/lfd.pl which is running as a daemon, when we enable CSF UI, checks incoming headers, and it requires them to be capitalized.

For example:

Code: Select all

                                        if ($header{'Content-Length'} > 0) {
                                                if ($header{'Content-Length'} > $maxbody) {
and

Code: Select all

                                                        if ($header{'Content-Type'} =~ /multipart\/form-data/) {
                                                                $client->read($fileinc,$header{'Content-Length'});
                                                        } else {
                                                                $client->read($buffer,$header{'Content-Length'});
The CSF/LFD interface including authentication function got not-working when we use a reverse-proxy (for example OpenLiteSpeed).

Debug output from a direct connection to CSF UI:

Code: Select all

Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Host] [127.0.0.1:1035]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Accept] [*/*]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Content-Length] [27]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Content-Type] [application/x-www-form-urlencoded]
Debug output from a proxied connection to CSF UI:

Code: Select all

Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [host] [127.0.0.1:1035]
Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [content-length] [36]
Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [content-type] [application/x-www-form-urlencoded]
In order to make the CSF UI compatible with a variety of software that can be used as a reverse proxy, I would suggest bringing HTTP headers names to either a lower- or an upper case.

Suggested solution:

1. Change the line:

Code: Select all

$header{$field} = $value;
to

Code: Select all

$header{lc($field)} = $value;

and then use HTTP-header names in lower case.

Regards,
Alex.

Re: CSF UI: Transform HTTP headers to lower-case

Posted: 04 Mar 2024, 06:55
by poralix
Another case reported here: https://forum.configserver.com/viewtopic.php?t=12294 (probably related)

Re: CSF UI: Transform HTTP headers to lower-case

Posted: 05 Mar 2024, 07:46
by poralix
By the way, RFC https://www.rfc-editor.org/rfc/rfc7540#section-8.1.2 states
Just as in HTTP/1.x, header field names are strings of ASCII
characters that are compared in a case-insensitive fashion. However,
header field names MUST be converted to lowercase prior to their
encoding in HTTP/2. A request or response containing uppercase
header field names MUST be treated as malformed (Section 8.1.2.6).
Kindly consider fixing the issue.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited