CSF UI: Transform HTTP headers to lower-case

[poralix]

Hello,

The PERL script /etc/csf/lfd.pl which is running as a daemon, when we enable CSF UI, checks incoming headers, and it requires them to be capitalized.

For example:

Code: Select all

                                        if ($header{'Content-Length'} > 0) {
                                                if ($header{'Content-Length'} > $maxbody) {

and

Code: Select all

                                                        if ($header{'Content-Type'} =~ /multipart\/form-data/) {
                                                                $client->read($fileinc,$header{'Content-Length'});
                                                        } else {
                                                                $client->read($buffer,$header{'Content-Length'});

The CSF/LFD interface including authentication function got not-working when we use a reverse-proxy (for example OpenLiteSpeed).

Debug output from a direct connection to CSF UI:

Code: Select all

Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Host] [127.0.0.1:1035]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Accept] [*/*]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Content-Length] [27]
Mar  1 20:12:55 server2 lfd[790514]: UI debug: header [Content-Type] [application/x-www-form-urlencoded]

Debug output from a proxied connection to CSF UI:

Code: Select all

Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [host] [127.0.0.1:1035]
Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [content-length] [36]
Mar  1 20:11:23 server2 lfd[790325]: UI debug: header [content-type] [application/x-www-form-urlencoded]

In order to make the CSF UI compatible with a variety of software that can be used as a reverse proxy, I would suggest bringing HTTP headers names to either a lower- or an upper case.

Suggested solution:

1. Change the line:

Code: Select all

$header{$field} = $value;

to

Code: Select all

$header{lc($field)} = $value;

and then use HTTP-header names in lower case.

Regards,
Alex.

[poralix]

Another case reported here: https://forum.configserver.com/viewtopic.php?t=12294 (probably related)

[poralix]

By the way, RFC https://www.rfc-editor.org/rfc/rfc7540#section-8.1.2 states

Just as in HTTP/1.x, header field names are strings of ASCII
characters that are compared in a case-insensitive fashion. However,
header field names MUST be converted to lowercase prior to their
encoding in HTTP/2. A request or response containing uppercase
header field names MUST be treated as malformed (Section 8.1.2.6).

Kindly consider fixing the issue.