Welcome! Log In Create A New Profile

Advanced

Nginx not enforcing default client_max_body_size ?

Previous Message Next Message
Forum List Message List New Topic Print View
Dave Pedu
December 14, 2018 12:10AM
Hello,

I came across some nginx behavior that seems odd to me. In my config, I
have this server block:


server {
server_name subdomain.somehostname.com
listen 443 ssl;
ssl_certificate "/some/file.crt";
ssl_certificate_key "/some/other/file.key";
ssl_protocols <redacted>
ssl_ciphers <redacted>
return 307 https://anothersubdomain.somehostname.com$request_uri;
}


I'm using a 307 redirect to cause clients to retry their original
request at the redirected destination, particularly for file uploads.
With the above configuration, client requests regardless of post size -
even larger than the default client_max_body_size - are redirected. For
example, a 6MB file upload:


$ curl -v --data-binary "@5mbRandomData.bin"
'https://subdomain.somehostname.com/upload'
...
> POST /upload HTTP/1.1
...
> User-Agent: curl/7.54.0
> Content-Length: 6161400
> Content-Type: application/x-www-form-urlencoded
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
< HTTP/1.1 307 Temporary Redirect
< Server: nginx/1.12.2
< Location: https://anothersubdomain.somehostname.com/upload
...


However, when I place the "return" line within a location block as shown
here:


server {
server_name subdomain.somehostname.com
listen 443 ssl;
ssl_certificate "/some/file.crt";
ssl_certificate_key "/some/other/file.key";
ssl_protocols <redacted>
ssl_ciphers <redacted>
location / {
return 307
https://anothersubdomain.somehostname.com$request_uri;
}
}


....then clients posting larger than the default client_max_body_size are
sent an error instead. Again, with a 6MB upload:


$ curl -v --data-binary "@5mbRandomData.bin"
'https://subdomain.somehostname.com/upload'
> POST /upload HTTP/1.1
...
> User-Agent: curl/7.54.0
> Content-Length: 6161400
> Content-Type: application/x-www-form-urlencoded
> Expect: 100-continue
>
< HTTP/1.1 413 Request Entity Too Large
< Server: nginx/1.12.2


Which seems like correct behavior in contrast to the first example since
client_max_body_size must be set to 0 to allow unlimited sized uploads,
and the default value is 1m. I didn't see anything in the documentation
about selective application of the body size limit. Is this a bug?

I have client_max_body_size set to 500mb in a *different* server block,
but the behavior above holds true in any size request I tried, which was
as large as:


Content-Length: 10485760000


I am using nginx 1.12.2.

Thanks
Dave
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Nginx not enforcing default client_max_body_size ?

Dave Pedu December 14, 2018 12:10AM

Re: Nginx not enforcing default client_max_body_size ?

Maxim Dounin December 14, 2018 10:36AM

Re: Nginx not enforcing default client_max_body_size ?

Dave Pedu December 14, 2018 12:18PM

Re: Nginx not enforcing default client_max_body_size ?

Maxim Dounin December 14, 2018 12:58PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 273
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready