header length bug : +opportunity to add custom error handler pages :D #2801

Open
WilliamSalusky opened this issue May 24, 2024 · 1 comment

Comments

@WilliamSalusky
Collaborator

I suspect due to the health check, when a client loses connectivity to its Arkime/cont3xt server for a period of time, the cookie header value continues to grow until the server can no longer process the header.

That condition results in (the not very pretty):

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Size of a request header field exceeds server limit.</p>
</body></html>

I guess this is also specific to the web server chosen to front the app. But in the case of Apache, can the project recommend modifications to server error handler pages? Even errors should be Arkime/cont3xt themed!

I wonder if you would be able to modify the cases where header field length exceptions occur, would it even be possible to "suggest" clearing the now broken cookie to the browser specific 'dump' option?

Not sure if this would be a client side violation, but it would be nice to make a clickable reference to help a user clear the site specific cache:

  • For Chrome:
chrome://settings/content/siteDetails?site=https%3A%2F%2F${local_server_instance_name}%2F&search=cookie

How about a custom 400 handler for:

/error/HTTP_BAD_REQUEST.html.var

Ultimately, there is a bug that only surfaces during periods of client inability to connect to the server, and until site cache is cleared, the user is broken. I've found users who gave up on the app because they didn't know how to resolve this problem manually.

@awick
Contributor

awick commented May 24, 2024

Can you share

  • which cookie
  • which auth method
  • which tools, is it just cont3xt?

We used to see this with viewer and badly configured enterprise SSO.

I think the real solution might be to back off on health checks if they start failing.
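
The back-off suggested in the comment above, sketched as an added example (not Arkime/cont3xt code and not written by either participant). The names `HealthCheckBackoff`, `runHealthCheck`, `probe` and `simulate`, and the interval values, are assumptions made for illustration.

```javascript
// Added example: every name and interval here is hypothetical.
// Tracks consecutive health-check failures and stretches the polling
// interval exponentially, so a disconnected client sends fewer requests.
class HealthCheckBackoff {
  constructor({ baseMs = 5000, maxMs = 300000, factor = 2 } = {}) {
    this.baseMs = baseMs;   // interval while the server is healthy
    this.maxMs = maxMs;     // ceiling so recovery is still noticed
    this.factor = factor;   // growth per consecutive failure
    this.failures = 0;
  }

  // Record the outcome of one probe and return the delay before the next.
  record(ok) {
    this.failures = ok ? 0 : this.failures + 1;
    return this.nextDelay();
  }

  nextDelay() {
    const delay = this.baseMs * Math.pow(this.factor, this.failures);
    return Math.min(delay, this.maxMs);
  }
}

// Runs one probe, treats a thrown error (network failure) as "unhealthy",
// then schedules the next run. `probe` is a caller-supplied async function
// that resolves to true when the server answered normally.
async function runHealthCheck(probe, backoff, schedule = setTimeout) {
  let ok = false;
  try {
    ok = Boolean(await probe());
  } catch (err) {
    ok = false;
  }
  const delay = backoff.record(ok);
  schedule(() => runHealthCheck(probe, backoff, schedule), delay);
  return delay;
}

// Replays a constructed list of probe outcomes and returns the delays chosen.
function simulate(outcomes, opts) {
  const backoff = new HealthCheckBackoff(opts);
  return outcomes.map((ok) => backoff.record(ok));
}
```
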
