Status 400: Invalid charactor in header name: 'X-ForProto -Proto' about openlitespeed HOT 9 CLOSED

OK, I see what is wrong. I think nginx proxy must be configured also send X-Forwarded-scheme: https in addition to X-Forwarded-proto: https, just drop X-Forwarded-scheme: https should fix this. do not need to have both.

from openlitespeed.

OK, I see what is wrong. I think nginx proxy must be configured also send X-Forwarded-scheme: https in addition to X-Forwarded-proto: https, just drop X-Forwarded-scheme: https should fix this. do not need to have both.

A HUGE thank you because after 4 days of fruitless searching it works FINALLY !!!!

No more headaches, too good :D

from openlitespeed.

I find a clue.

I've another project with same nginx proxy manager and nginx in backend and php8.1 from apt.

When i display "var_dump($_SERVER)", i've in return:
HTTP_X_FORWARDED_PROTO

But, in the same project, when i replace backend nginx by OLS 1.7.17 and lsphp8.1, i've:
HTTP_X_FORPROTO__PROTO

And if i use OLS 1.7.18, error 400 as described already.

So, i think that there is a problem in OLS or LSPHP, won't you?

from openlitespeed.

@popallo OK, so I am using this same setup and after having released my new arm64 Docker image with 1.7.18 this is not the problem. However I am not configuring NPM to send either X-Forwarded-scheme: https or X-Forwarded-proto: https in the proxy host configurations. Where did you manage to "fix" this?

@litespeedtech The fact that it was working before on 1.7.16 & 1.7.17 without problems and now is broken on 1.7.18 to me means that something has changed in OLS that is a breaking change.

from openlitespeed.

@popallo OK, I found it(/etc/nginx/conf.d/include/proxy.conf ), however, it's a problem because I run NPM as a Docker container.

add_header       X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto  $scheme;
proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP          $remote_addr;
proxy_pass       $forward_scheme://$server:$port$request_uri;

@litespeedtech this is a problem with OLS as we shouldn't need to reconfigure Nginx to fix this when it wasn't an issue before. I can't modify the core NPM/nginx configuration in my case as I run the Nginx Proxy Manager from their Docker image which has always had this configuration setup out-of-the-box.

from openlitespeed.

this is a problem with OLS as we shouldn't need to reconfigure Nginx to fix this when it wasn't an issue before. I can't modify the core NPM/nginx configuration in my case as I run the Nginx Proxy Manager from their Docker image which has always had this configuration setup out-of-the-box.

Hi @timnolte. They made a change in OPLS since v1.7.18 which is:
"[Security] Apply more strict request header validation."

And i think the problem starts from here.

I also use the Nginx Proxy Manager docker and to work around the situation I therefore modified the file you mentioned above (/etc/nginx/conf.d/include/proxy.conf) by mapping it directly from the host.

This is probably not the ultimate solution and a short post on NginxPM's github is likely to help.

from openlitespeed.

@popallo ah, yeah, good call on mapping that file so that it can be overridden. I'll probably have to go that route temporarily as well.

from openlitespeed.

This should be fixed in the latest 1.7.18.1 update.

from openlitespeed.

@litespeedtech when will the binary Debian packages be updated with this version? I had to switch to the binary arm64 packages instead of building from source due to build errors that I couldn't resolve.

from openlitespeed.