In an otherwise perfectly functioning wiki (1.34) with PF (5.1), using Special:RunQuery will regularly return a "400 Bad Request" response to the client. In trying to understand this behavior, we have confirmed that A) the "400 Bad Request" is generated from our Haproxy front-end, and B) Haproxy is notoriously strict [1] about the adherence to RFC7230 (section 4.3.6?) in terms of message parsing and (from the haproxy documentation):

This means that invalid characters in header names are not permitted and cause an error to be returned to the client. This is the desired behaviour as such forbidden characters are essentially used to build attacks exploiting server weaknesses, and bypass security filtering.

Sometimes, a buggy browser or server will emit invalid header names for whatever reason (configuration, implementation) and the issue will not be immediately fixed. In such a case, it is possible to relax HAProxy's header name parser to accept any character even if that does not make sense, by specifying this option.

Similarly, the list of characters allowed to appear in a URI is well defined by RFC3986, and chars 0-31, 32 (space), 34 ('"'), 60 ('<'), 62 ('>'), 92 ('\'), 94 ('^'), 96 ('`'), 123 ('{'), 124 ('|'), 125 ('}'), 127 (delete) and anything above are not allowed at all. Haproxy always blocks a number of them (0..32, 127). The remaining ones are blocked by default unless this option is enabled. This option also relaxes the test on the HTTP version, it allows HTTP/0.9 requests to pass through (no version specified) and multiple digits for both the major and the minor version.

Is it possible that PF Special:RunQuery is constructing an http-request in some situations which is not in strict compliance with RFC7231 section 4.3.6? [1]

While I'm not 100% what the root cause is, we have been able to eliminate the problem by making the following modification to Page Forms

/opt/htdocs/mediawiki/extensions/PageForms

git status

# HEAD detached at 5.1

git diff

diff --git a/specials/PF_RunQuery.php b/specials/PF_RunQuery.php
index da03da4..a7636c4 100644
--- a/specials/PF_RunQuery.php
+++ b/specials/PF_RunQuery.php
@@ -147,6 +147,7 @@ class PFRunQuery extends IncludableSpecialPage {

 END;
                        foreach ( $queryStringValues as $key => $value ) {
+                               if ( $key == "MySearchPage" ) continue;
                                if ( is_array( $value ) ) {
                                        $value = wfArrayToCgi( $value );
                                }

where "MySearchPage" is the name of the wiki page which contains the RunQuery

(Note - the hack was proposed by Yaron on 5/24/2020)

[1] https://stackoverflow.com/questions/39286346/extra-space-in-http-headers-gives-400-error-on-haproxy

See also: https://www.mediawiki.org/wiki/Extension_talk:Page_Forms/Archive_May_to_December_2021#Special:RunQuery_generating_invalid_http-requests?