Ok, thanks, I will look into tcpdump. In your opinion, in principle, is what i am attempting feasible?
>In the second case, 30 seconds after the response was sent by nginx, the
>request body still wasn't received and nginx had nothing to do than just
>close the connection.
This suggests to me that although i am attempting to intercept the request header and reject it if there is insufficient space (auth_request) the whole request must be received anyway so if the file is large enough such that 30 seconds isn't enough time to receive it all then the connection will be closed.
Even if i can increase this timeout I really need to find a solution that will protect against the entire file being received unless there is space for it, these files can be up to 10GB in size.
I perhaps need to look again at a 2 stage process to validate the space available (GET) before attempting the upload (POST).
Many thanks
Gary