Diagnostics for EnableInsecureAbsoluteFormHostOverride

[Tratcher]

Is there an existing issue for this?

• I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

#39334 added a 6.0 servicing workaround for clients that sent a certain kind of invalid requests. The affected client is being updated (slowly) so we were not planning to port the fix to 7.

The customer has asked for some additional diagnostics so they can know if anybody else is hitting this issue (without disabling the mitigation), and that would help inform if we need to port the fix to 7.0.

Describe the solution you'd like

Add some diagnostics (logs or events) for when this mitigation is hit so we can track how many & who would be affected if it were disabled. We need to work with the customer to find the most consumable output.

Additional context

No response

[halter73]

Is it enough to log the bad request the same way we would without EnableInsecureAbsoluteFormHostOverride? It should be easy to filter just the invalid host header exceptions you're interested in with a DiagnosticListener.

[Tratcher]

Not sure on the specifics yet. Also, the other code path throws so we'd need to avoid that.