Opened 5 weeks ago

Closed 5 weeks ago

Last modified 5 weeks ago

#1691 closed defect (invalid)

ngx_http_browser_module treats amazon web service health checker as ancient_browser

Reported by: malarres@… Owned by:
Priority: major Milestone:
Component: nginx-module Version: 1.14.x
Keywords: aws, amazon, ancient_browser Cc:
uname -a: Linux dd3763ec8b3b 4.14.79-boot2docker #1 SMP Thu Nov 8 01:56:42 UTC 2018 x86_64 Linux
nginx -V: /etc/nginx/conf.d # nginx -V nginx version: nginx/1.14.2 built with LibreSSL 2.7.4 TLS SNI support enabled configure arguments: --prefix=/var/lib/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx/nginx.pi d --lock-path=/run/nginx/nginx.lock --http-client-body-temp-path=/var/tmp/nginx/client_body --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx /fastcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx - -with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_im age_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_modul e --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slic e_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream _realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --add-dynamic-module=/home/buildozer/aports/main/nginx/src/njs-0.2.0/nginx --add-dynamic-mod ule=/home/buildozer/aports/main/nginx/src/ngx_devel_kit-0.3.0 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_cache_purge-2.4.2 --add-dynamic-module=/home/build ozer/aports/main/nginx/src/echo-nginx-module-0.61 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx-fancyindex-0.4.3 --add-dynamic-module=/home/buildozer/aports/m ain/nginx/src/headers-more-nginx-module-0.33 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/lua-nginx-module-0.10.13 --add-dynamic-module=/home/buildozer/aports/ma in/nginx/src/lua-upstream-nginx-module-0.07 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nchan-1.1.14 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ nginx-http-shibboleth-2.0.1 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/redis2-nginx-module-0.15 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/set- misc-nginx-module-0.32 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-upload-progress-module-0.9.2 --add-dynamic-module=/home/buildozer/aports/main/nginx/src /nginx-upstream-fair-0.1.3 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-rtmp-module-1.2.1 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx- vod-module-1.24

Description

Amazon Load Balancer performs a series of Health checks, and as user agent string it declares "ELB-HealthChecker?/2.0"

This is captured by Module ngx_http_browser_module under

ancient_browser msie 2.0;

And depending on configuration this makes nginx not return a 200 OK when the health check is performed, thus not uploading the new version to Amazon

Change History (2)

comment:1 Changed 5 weeks ago by mdounin

  • Resolution set to invalid
  • Status changed from new to closed

The ancient_browser directive defines strings to be matched in the User-Agent header to detect if the browser is ancient. Note that it is different from the modern_browser directive, which accepts browser name and version.

In your configuration, any browser with User-Agent which includes strings msie or 2.0 will be considered ancient, and this is what happens with ELB-HealthChecker/2.0 - because there is 2.0 string in it. If you do not want this to be detected as an ancient browser, reconsider your configuration.

Note well that the browser module is generally deprecated and wasn't updated for years. It will incorrectly detect at least some modern browsers, see, e.g., #55. If you need to detect different browsers and act differently depending on their versions, consider using appropriate map.

comment:2 Changed 5 weeks ago by malarres@…

Thank you very much for the clarification

Note: See TracTickets for help on using tickets.