Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse Error: Invalid header value char #23

Closed
cirrusflyer opened this issue Jul 12, 2021 · 15 comments
Closed

Parse Error: Invalid header value char #23

cirrusflyer opened this issue Jul 12, 2021 · 15 comments

Comments

@cirrusflyer
Copy link

Removed old Docker image and setup latest 1.0.1. Added a check to a website that was successfully being checked prior. Getting this error:

Parse Error: Invalid header value char

Have another site that's still working fine. So this error is new with this new version.
@louislam
Copy link
Owner

I think it caused by invalid http response header rather than 1.0.1 itself, because 1.0.1 just added User-Agent and nothing else in this part.

Related issue:
nodejs/node#27711

@cirrusflyer
Copy link
Author

Thanks. I wonder why it was working fine in earlier version.

@cirrusflyer
Copy link
Author

I see the Incapsula WAF reference here as well, which is what we use. Any way to make the changes others are suggesting to resolve this issue?

@gufastian
Copy link

Getting the same issue on apparently well configured websites.

@adumont
Copy link

adumont commented Oct 4, 2021
edited
Loading

Same issue here for some webs (also a web protected by Incapsula ... btw)

@louislam
Copy link
Owner

louislam commented Oct 4, 2021

You should report to Incapsula, because they are corrupted your http header.
Uptime Kuma here to tell your that.

@tuxevil tuxevil mentioned this issue Nov 14, 2021
Closed
2 tasks
@louislam louislam mentioned this issue Nov 23, 2021
Closed
@cirrusflyer
Copy link
Author

Just an update. I spoke with Incapsula (Imperva) and they stated this:

"I suspect that this is being caused by our client classification cookie, which is a malformed cookie by design...The client classification cookie is just one of many different client classification methods that we use, so disabling it will not increase the security risk towards the site."

I also know that Uptime Robot, OhDear!, and others don't have this issue. What's unique about Kuma?

@simmessa
Copy link

simmessa commented Mar 18, 2022
edited
Loading

Hi there,

for the people coming here for a fix I just wanted to add that if you're running uptime-kuma in docker container and you see this issue (maybe you're unlucky enough to be forced to monitor resources behing incapsula malformed cookies) you can quickly fix by launching the docker container with --insecure-http-parser like this:

docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1 node --insecure-http-parser server/server.js

Please make sure the --insecure-http-parser goes before the js file for this to work.

Hope it's useful to you all.

p.s.:
Please do some research on the security implications of using that --insecure-http-parser switch, there's more here: https://nodejs.org/docs/latest-v12.x/api/cli.html#cli_insecure_http_parser

@adumont
Copy link

adumont commented Mar 18, 2022
edited
Loading

Just tested, --insecure-http-parser switch working for me. Thanks (I do have some sites behind Imperva Incapsula)

@henkisdabro
Copy link

Thanks @simmessa for the solution, much appreciated! Would it be possible to implement some type of "disregard malformed cookies" option on per-monitor level? That way we don't need to make the entire Uptime Kuma instance parse insecure HTTP headers, but rather only when really necessary.

@mitin20
Copy link

mitin20 commented Jun 5, 2022

works perfectly behind imperva-incapsula sites using docker thanks!!! @simmessa @adumont

BTW any idea how to include --insecure-http-parser on kubernetes manifest

@3deep5me
Copy link

3deep5me commented Jun 9, 2022

@mitin20 check this spec out on a k8s deployment:

spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: uptime-kuma
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: uptime-kuma
    spec:
      containers: #use this down here
      - command:
        - node
        - --insecure-http-parser
        - server/server.js

@louislam
Copy link
Owner

louislam commented Jun 9, 2022

Using environment variable should be easier in Docker/K8s.

NODE_OPTIONS=--insecure-http-parser

@MrCaringi
Copy link

Hi there,

for the people coming here for a fix I just wanted to add that if you're running uptime-kuma in docker container and you see this issue (maybe you're unlucky enough to be forced to monitor resources behing incapsula malformed cookies) you can quickly fix by launching the docker container with --insecure-http-parser like this:

docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1 node --insecure-http-parser server/server.js

Thanks it worked for my docker-compose too:

    command:
      - node
      - --insecure-http-parser
      - server/server.js

@bamhm182
Copy link

Just chiming in here to say I too would like to see the ability to implement this on a per-monitor level as well.

@TroLoos TroLoos mentioned this issue May 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@adumont @henkisdabro @bamhm182 @simmessa @louislam @gufastian @cirrusflyer @MrCaringi @mitin20 @3deep5me