Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#1691 closed defect (invalid)

ngx_http_browser_module treats amazon web service health checker as ancient_browser

Reported by: malarres@… Owned by:
Priority: major Milestone:
Component: nginx-module Version: 1.14.x
Keywords: aws, amazon, ancient_browser Cc:
uname -a: Linux dd3763ec8b3b 4.14.79-boot2docker #1 SMP Thu Nov 8 01:56:42 UTC 2018 x86_64 Linux
nginx -V: /etc/nginx/conf.d # nginx -V
nginx version: nginx/1.14.2
built with LibreSSL 2.7.4
TLS SNI support enabled
configure arguments: --prefix=/var/lib/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx/nginx.pi
d --lock-path=/run/nginx/nginx.lock --http-client-body-temp-path=/var/tmp/nginx/client_body --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx
/fastcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx -
-with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_im
age_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_modul
e --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slic
e_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream
_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --add-dynamic-module=/home/buildozer/aports/main/nginx/src/njs-0.2.0/nginx --add-dynamic-mod
ule=/home/buildozer/aports/main/nginx/src/ngx_devel_kit-0.3.0 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_cache_purge-2.4.2 --add-dynamic-module=/home/build
ozer/aports/main/nginx/src/echo-nginx-module-0.61 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx-fancyindex-0.4.3 --add-dynamic-module=/home/buildozer/aports/m
ain/nginx/src/headers-more-nginx-module-0.33 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/lua-nginx-module-0.10.13 --add-dynamic-module=/home/buildozer/aports/ma
in/nginx/src/lua-upstream-nginx-module-0.07 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nchan-1.1.14 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/
nginx-http-shibboleth-2.0.1 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/redis2-nginx-module-0.15 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/set-
misc-nginx-module-0.32 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-upload-progress-module-0.9.2 --add-dynamic-module=/home/buildozer/aports/main/nginx/src
/nginx-upstream-fair-0.1.3 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-rtmp-module-1.2.1 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-
vod-module-1.24

Description

Amazon Load Balancer performs a series of Health checks, and as user agent string it declares "ELB-HealthChecker/2.0"

This is captured by Module ngx_http_browser_module under

ancient_browser msie 2.0;

And depending on configuration this makes nginx not return a 200 OK when the health check is performed, thus not uploading the new version to Amazon

Change History (2)

comment:1 by Maxim Dounin, 2 years ago

Resolution: invalid
Status: newclosed

The ancient_browser directive defines strings to be matched in the User-Agent header to detect if the browser is ancient. Note that it is different from the modern_browser directive, which accepts browser name and version.

In your configuration, any browser with User-Agent which includes strings msie or 2.0 will be considered ancient, and this is what happens with ELB-HealthChecker/2.0 - because there is 2.0 string in it. If you do not want this to be detected as an ancient browser, reconsider your configuration.

Note well that the browser module is generally deprecated and wasn't updated for years. It will incorrectly detect at least some modern browsers, see, e.g., #55. If you need to detect different browsers and act differently depending on their versions, consider using appropriate map.

comment:2 by malarres@…, 2 years ago

Thank you very much for the clarification

Note: See TracTickets for help on using tickets.