Missing important http headers sometimes

dev support
1

Hi,

Could someone help me please to identify the cause of the problem?

About once in 2 days, appear requests to the project, that are received without required headers, that leads to incorrect request processing in project.
So normally request should have defined in CGI scope variables like:

      "cert_keysize": "256",
      "cert_secretkeysize": "1024",
      "cert_server_issuer": "DC=com, DC=test, CN=test-CA",
      "cert_server_subject": "C=com, S=TEst, L=TEST, O=TEST, OU=ZZ, CN=test.com",
      "content_length": "0",
      "gateway_interface": "CGI/1.1",
      "http_accept_encoding": "gzip",
      "http_connection": "Keep-Alive",
      "http_host": "dev.zxc.test.com",
      "http_user_agent": "Lucee (CFML Engine)",
      "https_keysize": "256",
      "https_server_issuer": "DC=com, DC=test, CN=test-CA",
      "https_server_subject": "C=com, S=test, L=test, O=test, OU=IT, CN=test.com",

But they are empty sometimes
Main header that is required for me is - “host”

First obstacle is that I can’t even reproduce such requests, IIS immediately response with error when I try to send request without “host” header, if I send it empty, it is overwritten probably and is used correct one.

Second obstacle, is that such request doesn’t has some common pattern, sometimes it fails on users request, sometimes on our JOB cfhttp requests…

Thank you.

OS: Windows Server 2012 R2 (6.3) 64bit
Java Version: 1.8.0_181(Oracle Corporation) 64bit
Tomcat Version: Apache Tomcat/9.0.24
Lucee Version: 5.3.7.43

2

Host header is a must and should always be sent all along with the request, so not providing it should obviously cause an error as done by your webserver. See Host - HTTP | MDN

You could try logging all headers in IIS like shown here

Or for debugging, I would grab the headers and all data of a request with the help of cfml gethttprequestdata() function at the start of the processig template/component: You could e.g. insert it into a database debug table with URL, time, request, and IP address to identify the requests afterwards. Because you are seeing wrong processing you could easily find it. If you have lots of requests, you could create a “debugging id hash” and add it that id to your debug table and to your processing table for solid proof reference of the failed requests to your debugging log entries in the database table.

Then use postman or a similar tool for further debugging.