Hi,
On 3/28/25 01:06, Dragos Pacher wrote:
> Hi,
>
> I have a beginner question please: in 2.6 and 2.8 I am using this custom
> log-format to log the body of requests:
>
> global
> ...
> log 127.0.0.1 len 32000 local0
> tune.http.logurilen 20480
> ...
> defaults
> ...
> log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc
> %ac/%fc/%bc/%sc/%rc %sq/%bq %{+Q}r
> %[fc_err]/%[ssl_fc_err,hex]/%[ssl_c_err]/\%[ssl_c_ca_err]/%[ssl_fc_is_resumed]
> %[ssl_fc_sni]/%sslv/%sslc Payload: %{+Q}[capture.req.hdr(0)]"
> ...
>
> frontend https-in
> bind *:443 ssl crt /ssl/ alpn h2,http/1.1 shards by-thread
> bind [::]:443 ssl crt /ssl/ alpn h2,http/1.1 shards by-thread
>
> # Here I capture the body payload of max 10k characters
> declare capture request len 10000
> http-request capture req.body id 0
> mode http....
>
> and if I send a json as payload with curl like this:
> curl -X POST http://domain.com:80/api -H "Content-Type: application/json" -d
> '{"city": "SomeCity"}'
>
> I get:
> <134>1 2025-03-27T23:40:59+00:00 localhost haproxy 800275 - - ip-here:43116
> [27/Mar/2025:23:40:59.018] https-in test/server1 0/0/0/6/6 200 160 - - ----
> 1/1/0/0/0 0/0 "POST /api HTTP/1.1" 0/-/-/\-/0 -/-/- Payload: "{"city":
> "SomeCity"}"
> this means the json was received correctly: Payload: "{"city": "SomeCity"}"
>
> But if my json has a new line inside it like this:
> curl -X POST http://domain.com:80/api -H "Content-Type: application/json" -d
> "$(printf '{"city":\n"SomeCity"}')"
>
> I get:
> #012 instead of new line:
> <134>1 2025-03-27T23:44:34+00:00 localhost haproxy 800275 - - ip-here:40356
> [27/Mar/2025:23:44:34.056] https-in test/server1 0/0/0/4/4 200 159 - - ----
> 1/1/0/0/0 0/0 "POST /api HTTP/1.1" 0/-/-/\-/0 -/-/- Payload: "{"city":
> #012"SomeCity"}"
> and my Payload: "{"city": #012"SomeCity"}" contains #012 numbers now which
> the backend apps cannot make too much sense of (I don't have control over
> backend apps).
>
> and sometimes #012#015 which corresponds to the platform that sent the
> message: LF+CR or just LF.
I don't understand how that's possible to have haproxy escape special
chars with '#' when leveraging expression to print the capture using :
"%{+Q}[capture.req.hdr(0)]". I'm unable to reproduce using the provided
infos under haproxy 2.6 ... 3.0
The closest behavior I got so far was when I used "%hr" alias to dump
captured headers, but in this case it is expected to have special
characters escaped with "#".
Could you please check if the provided config example was the one used
to trigger the logs? Also what exact versions (2.6 and 2.8) did you test
it against?
>
> Is there a way to unescape these numbers to characters in Haproxy alone? In
> my particular case I don't have control over the backend apps so I need to
> 'sanitize' the json before leaving haproxy/before logged to disk/sent to
> rsyslogd.
>
Do you still mean for the logs generated by haproxy or the actual http
payload relayed by haproxy?
Thanks,
Aurelien
