Nginx 431请求标头字段太大 [英] nginx 431 Request Header Fields Too Large
本文介绍了Nginx 431请求标头字段太大的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
最近,我们的Cookie中的数据量变大了,所有通过nginx的请求都开始被拒绝,出现了431个错误响应。
我尝试增加LARGE_CLIENT_HEADER_BUFFERS和CLIENT_HEADER_BUFFER_SIZE,但无济于事。以下是我正在使用的主要nginx.conf的示例:user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
large_client_header_buffers 4 64k;
client_header_buffer_size 8k;
include /etc/nginx/conf.d/*.conf;
}
和特定服务器块:
server {
listen 443 ssl;
server_name staging1.acme.services;
ssl_certificate /certs/acme.services/fullchain.pem;
ssl_certificate_key /certs/acme.services/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
client_max_body_size 1000M;
# following two lines needed for DNS propagation to work
resolver 127.0.0.11 ipv6=off valid=10s;
set $v5 http://frontend;
location /v1/ {
proxy_pass http://gateway:4000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass $v5;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
我已尝试/查看:
400 Bad Request Request Header Or Cookie Too Large nginx
"Request Header Or Cookie Too Large" in nginx with proxy_pass
删除此nginx代理并直接访问站点可以消除这些错误,因此我非常确定这是由此代理进行的一些配置。以下是tcpdump -n -S -s 0 -A 'tcp dst port 80' | grep -B3 -A10 "GET"
生成的tcpump
17:41:49.205476 IP 172.23.0.2.46958 > 172.23.0.3.80: Flags [.], ack 1031354459, win 229, options [nop,nop,TS val 3490060934 ecr 2370799301], length 0
E..4M.@.@............n.P.D..=y8[....XZ.....
.....O..
17:41:49.205513 IP 172.23.0.2.46958 > 172.23.0.3.80: Flags [P.], seq 71625227:71629509, ack 1031354459, win 229, options [nop,nop,TS val 3490060934 ecr 2370799301], length 4282: HTTP: GET / HTTP/1.0
E...M.@.@............n.P.D..=y8[....i......
.....O..GET / HTTP/1.0
Host: staging.acme.services
X-Real-IP: 10.11.13.216
X-Forwarded-For: 10.11.13.216
X-Forwarded-Proto: https
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
--
E..4.A@.@.;O.........p.P....$.......XZ.....
.....O.
推荐答案
转到后端之前,您又添加了3个标头。
这可能足以使后端缓冲区溢出,接近其限制。您可以尝试使用cURL并传递所有标头来重新生成请求。
只需调整后台即可。
这篇关于Nginx 431请求标头字段太大的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文