CSF UI: Transform HTTP headers to lower-case

Posted: 04 Mar 2024, 06:46
by poralix

The Perl script /etc/csf/, which runs as a daemon when we enable CSF UI, checks incoming headers and requires their names to be capitalized.

For example:

Code:

                                        if ($header{'Content-Length'} > 0) {
                                                if ($header{'Content-Length'} > $maxbody) {

Code:

                                                        if ($header{'Content-Type'} =~ /multipart\/form-data/) {
                                                        } else {

The CSF/LFD interface, including the authentication function, stops working when we use a reverse proxy (for example OpenLiteSpeed).

Debug output from a direct connection to CSF UI:

Code:

Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Host] []
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Accept] [*/*]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Content-Length] [27]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Content-Type] [application/x-www-form-urlencoded]

Debug output from a proxied connection to CSF UI:

Code:

Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [host] []
Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [content-length] [36]
Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [content-type] [application/x-www-form-urlencoded]

In order to make the CSF UI compatible with the variety of software that can be used as a reverse proxy, I would suggest converting HTTP header names to either lower or upper case.

Suggested solution:

1. Change the line:

Code:

$header{$field} = $value;

Code:

$header{lc($field)} = $value;

and then use HTTP-header names in lower case.
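
Added example (not part of the original post and not CSF's own code): Perl that parses a header block with and without the suggested lc() folding, using constructed requests that mirror the two debug logs above. The sub names, the host `csf.example` and the 1024-byte limit are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse a raw header block into a hash. With $normalize set, field names are
# folded with lc() as the post suggests; otherwise they are stored as sent.
sub parse_headers {
    my ($raw, $normalize) = @_;
    my %header;
    for my $line (split /\r?\n/, $raw) {
        last if $line eq '';    # a blank line ends the header block
        my ($field, $value) = $line =~ /^([^:\s]+):\s*(.*?)\s*$/ or next;
        $header{ $normalize ? lc($field) : $field } = $value;
    }
    return \%header;
}

# Body checks modelled on the two snippets quoted in the post.
# $maxbody is a constructed limit, not a CSF default.
sub body_checks {
    my ($h, $len_key, $type_key, $maxbody) = @_;
    my $len = $h->{$len_key} // 0;
    return 'no body seen'   unless $len =~ /^\d+$/ && $len > 0;
    return 'body too large' if $len > $maxbody;
    return ($h->{$type_key} // '') =~ m{multipart/form-data}
        ? 'multipart body'
        : 'form body';
}

# Constructed requests mirroring the two debug logs (host value is a placeholder).
my %request = (
    direct  => "Host: csf.example\r\nAccept: */*\r\nContent-Length: 27\r\n"
             . "Content-Type: application/x-www-form-urlencoded\r\n\r\n",
    proxied => "host: csf.example\r\ncontent-length: 36\r\n"
             . "content-type: application/x-www-form-urlencoded\r\n\r\n",
);

for my $name (sort keys %request) {
    # Capitalized lookups against names stored exactly as they arrived.
    my $as_sent = body_checks(parse_headers($request{$name}, 0),
                              'Content-Length', 'Content-Type', 1024);
    # Lower-case lookups against names folded with lc().
    my $folded  = body_checks(parse_headers($request{$name}, 1),
                              'content-length', 'content-type', 1024);
    printf "%-8s as-sent keys: %-14s lc() keys: %s\n", $name, $as_sent, $folded;
}
```

With capitalized lookups the proxied request is treated as having no body, so the length and content-type checks never run for it; with folded names both requests take the same path.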


Re: CSF UI: Transform HTTP headers to lower-case

Posted: 04 Mar 2024, 06:55
by poralix
Another case reported here: (probably related)

Re: CSF UI: Transform HTTP headers to lower-case

Posted: 05 Mar 2024, 07:46
by poralix
By the way, the RFC states:
Just as in HTTP/1.x, header field names are strings of ASCII
characters that are compared in a case-insensitive fashion. However,
header field names MUST be converted to lowercase prior to their
encoding in HTTP/2. A request or response containing uppercase
header field names MUST be treated as malformed (Section

Kindly consider fixing the issue.