Hi there,
I found "main.ERROR: CRLF injection detected" in system.log for a few days.
May I know how to get rid of it?
Thank you.
Regards,
kf
@kf_luk,
You don't need to do anything;
it's handled by laminas/laminas-http in Magento 2.4.
In a CRLF injection vulnerability attack, the attacker inserts both the carriage return and linefeed characters into user input to trick the server, the web application, or the user into thinking that an object is terminated and another one has started. As such, the CRLF sequences are not malicious characters; however, they can be used with malicious intent, for HTTP response splitting, etc.
You can further check the following classes in which it's handled:
Laminas\Http\Request
Laminas\Http\Response
Laminas\Mail\Address
Kindly Accept as a Solution if this works for you and give Kudos.
Thanks for the comment.
I found that when I disable the cron job there is no more error message. I suspect the error message comes from internal. I found something like this. https://stackoverflow.com/questions/59563228/magento-2-main-critical-exception-message-invalid-heade...
It started two days ago, and I found there is a customer name using Chinese (UTF8) on that date. Not sure if it's related.
Regards,
kf
Modifying based on this link does not work.
It is still not resolved. But most likely it is from internal.
Disabling the cron scheduler will stop the message.
The server operates without problems but the message appears every minute.
I will check the cron schedules one by one to see what's wrong.
Self update.
I found that the cron schedule of the following commands causes the error message.
sales_send_order_emails
sales_send_order_invoice_emails
[2021-01-08 02:10:07] main.ERROR: CRLF injection detected [] []
Looking for more hints to dig into the files these two schedules refer to.
Thank you.
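A standalone diagnostic for the situation in this thread, as an added example that is not part of any post above and does not call Laminas or Magento code: it scans values that would end up in e-mail headers for CR/LF bytes and reports the record, field and byte offset. The record array, field names and sample values are constructed assumptions, not Magento's schema.

```php
<?php
declare(strict_types=1);

// Added example: standalone check; it does not call Laminas or Magento code.

/** Return the byte offset and kind of every CR/LF in a header-bound value. */
function findCrlf(string $value): array
{
    $hits = [];
    // Byte-wise match (no /u): UTF-8 multi-byte characters never contain 0x0D or 0x0A.
    if (preg_match_all('/[\r\n]/', $value, $m, PREG_OFFSET_CAPTURE)) {
        foreach ($m[0] as [$char, $offset]) {
            $hits[] = ['offset' => $offset, 'char' => $char === "\r" ? 'CR' : 'LF'];
        }
    }
    return $hits;
}

/** Scan the named fields of each record and list those containing CR or LF. */
function scanRecords(array $records, array $fields): array
{
    $report = [];
    foreach ($records as $id => $record) {
        foreach ($fields as $field) {
            $hits = findCrlf((string) ($record[$field] ?? ''));
            if ($hits !== []) {
                $report[] = ['id' => $id, 'field' => $field, 'hits' => $hits];
            }
        }
    }
    return $report;
}

// Constructed sample records; the field names are hypothetical, not Magento's schema.
$orders = [
    101 => ['customer_name' => 'Jane Doe',    'customer_email' => 'jane@example.com'],
    102 => ['customer_name' => '陳大文',       'customer_email' => 'chan@example.com'],
    103 => ['customer_name' => "Bob Lee\r\n", 'customer_email' => 'bob@example.com'],
    104 => ['customer_name' => "Amy\nWong",   'customer_email' => 'amy@example.com'],
];

foreach (scanRecords($orders, ['customer_name', 'customer_email']) as $row) {
    $where = array_map(fn ($h) => "{$h['char']}@{$h['offset']}", $row['hits']);
    printf("order %d field %s: %s\n", $row['id'], $row['field'], implode(', ', $where));
}
```

Only the two records with a stray line break are reported; the UTF-8 name passes because the check looks for the CR and LF bytes alone.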