Node.js 报告 URL 为 200 而不是 404

Question

我有一个 node.js 应用程序使用 express.js 在http://bartonlp.org:8080 上运行。 例如，我在日志输出中看到了这一点：

"GET http://www.baidu.com/?rnd=19712180733831423955225532 HTTP/1.0" 200 2749

我原以为所有其他请求都会产生 404 错误，而不是 200。看起来 www.baidu.com 的请求实际上得到了答复。

怎么会这样？ 我的 app.get('/'... 中唯一的东西是用于主页。

这是一个非常小的 node.js 加上 express.js app.js 和 route/index.js。 这给出了与原始文件相同的结果； 这是我的日志文件的副本：

::ffff:94.102.49.174 - - [22/Sep/2016:23:22:29 +0000] "GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1" 404 975 "-" "Mozilla"
::ffff:61.157.96.111 - - [22/Sep/2016:23:49:10 +0000] "GET http://www.baidu.com/?rnd=3342104796019809757566816 HTTP/1.0" 200 197 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
::ffff:61.157.96.111 - - [22/Sep/2016:23:49:10 +0000] "GET http://50.117.47.67:43530/?rnd=2031422537804277052916912 HTTP/1.0" 200 197 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
::ffff:61.157.96.111 - - [22/Sep/2016:23:49:11 +0000] "GET http://123.249.29.201:43210/?rnd=173003480482578803940608 HTTP/1.0" 200 197 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:31 +0000] "GET http://123.249.29.201:43210/?rands=_518421966013600083518500 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:31 +0000] "GET http://www.baidu.com/?rands=_14790662340951392923112 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:32 +0000] "GET http://50.117.47.15:28712/?rands=_71269649426275522095128 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:33 +0000] "GET http://50.117.86.106/?rands=_146883056102225940108720 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
::ffff:62.210.162.182 - - [23/Sep/2016:00:04:23 +0000] "GET / HTTP/1.1" 200 197 "-" "Ruby"
::ffff:62.210.162.182 - - [23/Sep/2016:00:04:29 +0000] "GET / HTTP/1.1" 200 197 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
::ffff:62.210.162.182 - - [23/Sep/2016:00:04:30 +0000] "GET /HNAP1/ HTTP/1.1" 404 975 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

底部 '/HNAP1/' 失败并显示 404，这正是我所期望的。 但是这些日志行都得到 200：

::ffff:61.157.96.111 - - [22/Sep/2016:23:49:10 +0000] "GET http://www.baidu.com/?rnd=3342104796019809757566816 HTTP/1.0" 200 197 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
::ffff:61.157.96.111 - - [22/Sep/2016:23:49:10 +0000] "GET http://50.117.47.67:43530/?rnd=2031422537804277052916912 HTTP/1.0" 200 197 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
::ffff:61.157.96.111 - - [22/Sep/2016:23:49:11 +0000] "GET http://123.249.29.201:43210/?rnd=173003480482578803940608 HTTP/1.0" 200 197 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:31 +0000] "GET http://123.249.29.201:43210/?rands=_518421966013600083518500 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:31 +0000] "GET http://www.baidu.com/?rands=_14790662340951392923112 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:32 +0000] "GET http://50.117.47.15:28712/?rands=_71269649426275522095128 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
::ffff:61.157.96.112 - - [22/Sep/2016:23:56:33 +0000] "GET http://50.117.86.106/?rands=_146883056102225940108720 HTTP/1.0" 200 197 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"

这是我的 app.js：

var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var routes = require('./routes/index');
var app = express();
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
// uncomment after placing your favicon in /public
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('combined'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use('/', routes);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});
// error handlers
// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
  app.use(function(err, req, res, next) {
    res.status(err.status || 500);
   res.render('error', {
     message: err.message,
     error: err
   });
  });
}
// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
  res.status(err.status || 500);
  res.render('error', {
    message: err.message,
    error: {}
  });
}); 
module.exports = app;

这是我的路线/index.js

var express = require('express');
var router = express.Router();
/* GET home page. */
router.get('/', function(req, res, next) {
  res.render('index', { title: 'My Test Node App' });
});
module.exports = router;

这是 bin/www 脚本

#!/usr/bin/env node
/**
 * Module dependencies.
*/
var app = require('../app');
var debug = require('debug')('newnode:server');
var http = require('http');
/**
 * Get port from environment and store in Express.
 */
var port = normalizePort(process.env.PORT || '3000');
console.log("PORT: ", port);
app.set('port', port);
/**
 * Create HTTP server.
 */
var server = http.createServer(app);
/**
 * Listen on provided port, on all network interfaces.
 */
server.listen(port);
server.on('error', onError);
server.on('listening', onListening);
/**
 * Normalize a port into a number, string, or false.
 */
function normalizePort(val) {
  var port = parseInt(val, 10);
  if (isNaN(port)) {
   // named pipe
   return val;
  }
  if (port >= 0) {
    // port number
    return port;
  }
  return false;
}
/**
 * Event listener for HTTP server "error" event.
 */
function onError(error) {
  if (error.syscall !== 'listen') {
    throw error;
  }
  var bind = typeof port === 'string'
    ? 'Pipe ' + port
    : 'Port ' + port;
  // handle specific listen errors with friendly messages
  switch (error.code) {
    case 'EACCES':
      console.error(bind + ' requires elevated privileges');
      process.exit(1);
      break;
    case 'EADDRINUSE':
      console.error(bind + ' is already in use');
      process.exit(1);
      break;
    default:
      throw error;
  }
}

/**
 * Event listener for HTTP server "listening" event.
 */
function onListening() {
  var addr = server.address();
  var bind = typeof addr === 'string'
    ? 'pipe ' + addr
    : 'port ' + addr.port;
  console.log('Listening on ' + bind);
}

这个环境是在做'express newnode'之后。

我希望这解释得足够好。

我的问题再次是为什么那些“ http://www.baidu.com ...”记录最终会得到 200 而不是 404？

Answer 1

这不是“不可能的 URL”。 它是完全有效的，尽管完整的 URL（例如http://example.org/foo ）而不是路径（ /foo ）通常用于 HTTP 代理，其中完整的 URL 是客户端希望通过代理访问的站点服务器。

编辑：查看最近发布的服务器端路由代码后，路由设置没有错误。 相反，Express 中似乎存在一个错误， 它仅检查请求 url 的路径部分（忽略任何其他解析的部分）。 我在这里提出了一个问题。

因此，在您的特定情况下，那些请求完整 URL（没有路径）的客户端当前正在接收来自您的/路由处理程序的响应。 其他完整网址（例如http://www.baidu.com/cache/global/img/gs.gif ）不匹配，因为您没有./public/cache/global/img/gs.gif也没有显式路由/cache/global/img/gs.gif处理程序）。 对于那些您在服务器端日志中正确看到 404 的人。

编辑 2：令人惊讶的是，Express 维护者并未将其视为错误，因此您必须检查每个路由处理程序中的req.originalUrl和/或类似属性，或者包含一个通用中间件处理程序（在任何其他请求处理程序之前，除了可能是日志中间件），如果您关心拒绝这些类型的完整 URL 请求，它会检查这些完整的 URL 并适当地处理它们。

这是您首先要添加到中间件/路由处理程序堆栈的示例中间件：

app.use(function(req, res, next) {
  if (req.originalUrl.charCodeAt(0) !== 47/*'/'*/)
    return res.sendStatus(400);
  next();
});