Parse Error: Invalid header value char #23

Closed
opened 2026-02-28 01:32:08 -05:00 by deekerman · 15 comments

Originally created by @cirrusflyer on GitHub (Jul 12, 2021).

Removed old Docker image and set up latest 1.0.1. Added a check to a website that was successfully being checked prior. Getting this error:

Parse Error: Invalid header value char

Have another site that's still working fine. So this error is new with this new version.


@louislam commented on GitHub (Jul 12, 2021):

I think it is caused by an invalid HTTP response header rather than 1.0.1 itself, because 1.0.1 just added User-Agent and nothing else in this part.

Related issue:
https://github.com/nodejs/node/issues/27711


@cirrusflyer commented on GitHub (Jul 12, 2021):

Thanks. I wonder why it was working fine in earlier version.


@cirrusflyer commented on GitHub (Jul 15, 2021):

I see the Incapsula WAF reference here as well, which is what we use. Any way to make the changes others are suggesting to resolve this issue?


@gufastian commented on GitHub (Aug 26, 2021):

Getting the same issue on apparently well configured websites.


@adumont commented on GitHub (Oct 4, 2021):

Same issue here for some webs (also a web protected by Incapsula ... btw)


@louislam commented on GitHub (Oct 4, 2021):

You should report to Incapsula, because they corrupted your HTTP header.
Uptime Kuma is here to tell you that.


@cirrusflyer commented on GitHub (Feb 3, 2022):

Just an update. I spoke with Incapsula (Imperva) and they stated this:

"I suspect that this is being caused by our client classification cookie, which is a malformed cookie by design...The client classification cookie is just one of many different client classification methods that we use, so disabling it will not increase the security risk towards the site."

I also know that Uptime Robot, OhDear!, and others don't have this issue. What's unique about Kuma?


@simmessa commented on GitHub (Mar 18, 2022):

Hi there,

for the people coming here for a fix I just wanted to add that if you're running uptime-kuma in a docker container and you see this issue (maybe you're unlucky enough to be forced to monitor resources behind incapsula malformed cookies) you can quickly fix it by launching the docker container with `--insecure-http-parser` like this:

```
docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1 node --insecure-http-parser server/server.js
```

Please make sure the `--insecure-http-parser` goes before the js file for this to work.

Hope it's useful to you all.

p.s.:
Please do some research on the security implications of using that --insecure-http-parser switch, there's more here: https://nodejs.org/docs/latest-v12.x/api/cli.html#cli_insecure_http_parser


@adumont commented on GitHub (Mar 18, 2022):

Just tested, --insecure-http-parser switch working for me. Thanks (I do have some sites behind Imperva Incapsula)


@henkisdabro commented on GitHub (Apr 15, 2022):

Thanks @simmessa for the solution, much appreciated! Would it be possible to implement some type of "disregard malformed cookies" option on per-monitor level? That way we don't need to make the entire Uptime Kuma instance parse insecure HTTP headers, but rather only when really necessary.


@mitin20 commented on GitHub (Jun 5, 2022):

works perfectly behind imperva-incapsula sites using docker thanks!!! @simmessa @adumont

BTW any idea how to include --insecure-http-parser on kubernetes manifest


@3deep5me commented on GitHub (Jun 9, 2022):

@mitin20 check this spec out on a k8s deployment:

```
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: uptime-kuma
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: uptime-kuma
    spec:
      containers: #use this down here
      - command:
        - node
        - --insecure-http-parser
        - server/server.js
```


@louislam commented on GitHub (Jun 9, 2022):

Using environment variable should be easier in Docker/K8s.

`NODE_OPTIONS=--insecure-http-parser`


@MrCaringi commented on GitHub (Jul 14, 2022):

> Hi there,
>
> for the people coming here for a fix I just wanted to add that if you're running uptime-kuma in docker container and you see this issue (maybe you're unlucky enough to be forced to monitor resources behind incapsula malformed cookies) you can quickly fix by launching the docker container with --insecure-http-parser like this:
>
> ```
> docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1 node --insecure-http-parser server/server.js
> ```

Thanks, it worked for my docker-compose too:

```
    command:
      - node
      - --insecure-http-parser
      - server/server.js
```


@bamhm182 commented on GitHub (Oct 19, 2022):

Just chiming in here to say I too would like to see the ability to implement this on a per-monitor level as well.
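
Added example, not part of the thread and not Uptime Kuma's code: Node's `http.request`/`http.get` accept a per-request `insecureHTTPParser` option, so lenient parsing can be limited to a single request instead of the whole process as `--insecure-http-parser` or `NODE_OPTIONS` does. The response bytes (a constructed cookie with a 0x01 control byte, not a capture of any real WAF cookie) and the helper names `startMalformedServer`, `probe` and `compareParsers` are assumptions made for illustration.

```javascript
const http = require('node:http');
const net = require('node:net');

// Constructed response: the Set-Cookie value carries a 0x01 control byte,
// which Node's strict HTTP parser rejects as an invalid header value char.
const RAW_RESPONSE =
  'HTTP/1.1 200 OK\r\n' +
  'Set-Cookie: classify=ab\x01cd\r\n' +
  'Content-Length: 2\r\n' +
  'Connection: close\r\n\r\n' +
  'ok';

// Hypothetical helper: raw TCP server that answers any request with RAW_RESPONSE.
function startMalformedServer() {
  return new Promise((resolve) => {
    const server = net.createServer((sock) => {
      sock.on('error', () => {}); // client may reset after a parse error
      sock.once('data', () => sock.end(RAW_RESPONSE, 'latin1'));
    });
    server.listen(0, '127.0.0.1', () => resolve(server));
  });
}

// One GET. `lenient` is passed as the per-request insecureHTTPParser option;
// an explicit false keeps this request strict even if the process is lenient.
function probe(port, lenient) {
  return new Promise((resolve) => {
    const opts = { host: '127.0.0.1', port, path: '/', agent: false,
                   insecureHTTPParser: lenient };
    const req = http.get(opts, (res) => {
      res.resume();
      res.on('end', () => resolve({ ok: true, status: res.statusCode }));
    });
    req.on('error', (err) =>
      resolve({ ok: false, code: err.code, message: err.message }));
  });
}

// Run the same request strict and lenient against the same server.
async function compareParsers() {
  const server = await startMalformedServer();
  const { port } = server.address();
  try {
    return { strict: await probe(port, false), lenient: await probe(port, true) };
  } finally {
    server.close();
  }
}

compareParsers().then((result) => console.log(result));
```

Only the request that opts in accepts the malformed header; every other request in the process keeps the strict parser.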

Reference
starred/uptime-kuma#23