From 6a13421f7a5319fc30e217fa088ed7c5df539791 Mon Sep 17 00:00:00 2001
From: Daniil Demin <deminds@ydb.tech>
Date: Fri, 2 Feb 2024 08:04:55 +0000
Subject: [PATCH] Catch bad http headers in requests to YDB monitoring

[skip ci]
---
 ydb/core/mon/async_http_mon.cpp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ydb/core/mon/async_http_mon.cpp b/ydb/core/mon/async_http_mon.cpp
index b9826001011e..49d05f06d6ac 100644
--- a/ydb/core/mon/async_http_mon.cpp
+++ b/ydb/core/mon/async_http_mon.cpp
@@ -200,6 +200,11 @@ class THttpMonLegacyActorRequest : public TActorBootstrapped<THttpMonLegacyActor
         if (Event->Get()->Request->Method == "OPTIONS") {
             return ReplyOptionsAndPassAway();
         }
+        try {
+            Container.GetHeaders();
+        } catch (const yexception& exception) {
+            return ReplyBadRequestAndPassAway(exception.what());
+        }
         Become(&THttpMonLegacyActorRequest::StateFunc);
         if (ActorMonPage->Authorizer) {
             NActors::IEventHandle* handle = ActorMonPage->Authorizer(SelfId(), Container);
@@ -247,6 +252,18 @@ class THttpMonLegacyActorRequest : public TActorBootstrapped<THttpMonLegacyActor
         PassAway();
     }
 
+    void ReplyBadRequestAndPassAway(const TString& message) {
+        NHttp::THttpIncomingRequestPtr request = Event->Get()->Request;
+        TStringBuilder response;
+        response << "HTTP/1.1 400 Bad Request\r\n"
+                 << "Content-Type: text/plain\r\n"
+                 << "Connection: close\r\n"
+                 << "\r\n"
+                 << message << "\r\n";
+        ReplyWith(request->CreateResponseString(response));
+        PassAway();
+    }
+
     void ReplyUnathorizedAndPassAway(const TString& error = {}) {
         NHttp::THttpIncomingRequestPtr request = Event->Get()->Request;
         NHttp::THeaders headers(request->Headers);