Welcome! Log In Create A New Profile

Advanced

Re: flood detected with file uploads over http2

Jasper Wallace
December 17, 2019 08:40AM
Hmmm, maybe it got packported by Debian...

I think we'll just disable http2 for the time being.

On Tue, 17 Dec 2019 at 09:13, Ruslan Ermilov <ru@nginx.com> wrote:
>
> On Mon, Dec 16, 2019 at 05:45:55PM +0000, Jasper Wallace wrote:
> > We are having intermittent problems uploading files via nginx to a
> > flask backend over http2:
> >
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 event timer: 3, old:
> > 1576512608187, new: 1576512608301
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 http2 idle handler
> > 2019/12/16 16:07:08 [info] 27658#27658: *1 http2 flood detected while
> > processing HTTP/2 connection, client: x.x.x.x, server: 0.0.0.0:443
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 http2 send GOAWAY frame, status:0
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 posix_memalign:
> > 0000563642B8EE20:512 @16
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 http2 frame out:
> > 0000563642B8EE40 sid:0 bl:0 len:8
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 malloc: 0000563642D0A870:16384
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 SSL buf copy: 17
> > 2019/12/16 16:07:08 [debug] 27658#27658: *1 SSL to write: 17
> >
> > Is there anyway of getting information on what might be triggering this?
> >
> > We've changed some defaults:
> >
> > client_max_body_size 10m;
> > http2_body_preread_size 256k;
> > http2_recv_buffer_size 1m;
> > proxy_headers_hash_max_size 512;
> > proxy_headers_hash_bucket_size 128;
> >
> > Client is Chrome:
> >
> > Version 78.0.3904.97 (Developer Build) built on Debian 10.1, running
> > on Debian 10.2 (64-bit)
> >
> > openssl:
> >
> > OpenSSL 1.1.0l 10 Sep 2019
> >
> > nginx:
> >
> > nginx version: nginx/1.10.3
> > built with OpenSSL 1.1.0k 28 May 2019 (running with OpenSSL 1.1.0l
> > 10 Sep 2019)
> > TLS SNI support enabled
> > configure arguments: --with-cc-opt='-g -O2
> > -fdebug-prefix-map=/build/nginx-DhOtPd/nginx-1.10.3=.
> > -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
> > -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now'
> > --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
> > --http-log-path=/var/log/nginx/access.log
> > --error-log-path=/var/log/nginx/error.log
> > --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
> > --modules-path=/usr/lib/nginx/modules
> > --http-client-body-temp-path=/var/lib/nginx/body
> > --http-fastcgi-temp-path=/var/lib/nginx/fastcgi
> > --http-proxy-temp-path=/var/lib/nginx/proxy
> > --http-scgi-temp-path=/var/lib/nginx/scgi
> > --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug
> > --with-pcre-jit --with-ipv6 --with-http_ssl_module
> > --with-http_stub_status_module --with-http_realip_module
> > --with-http_auth_request_module --with-http_v2_module
> > --with-http_dav_module --with-http_slice_module --with-threads
> > --with-http_addition_module --with-http_flv_module
> > --with-http_geoip_module=dynamic --with-http_gunzip_module
> > --with-http_gzip_static_module --with-http_image_filter_module=dynamic
> > --with-http_mp4_module --with-http_perl_module=dynamic
> > --with-http_random_index_module --with-http_secure_link_module
> > --with-http_sub_module --with-http_xslt_module=dynamic
> > --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic
> > --with-stream_ssl_module
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/headers-more-nginx-module
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-auth-pam
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-cache-purge
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-dav-ext-module
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-development-kit
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-echo
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/ngx-fancyindex
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nchan
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-lua
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-upload-progress
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/nginx-upstream-fair
> > --add-dynamic-module=/build/nginx-DhOtPd/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
>
> nginx/1.10.3 doesn't have HTTP/2 flood detection. It appeared
> in later versions.
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Your hydrogen & fuel cell partner
Arcola Energy Ltd, 24 Ashwin Street,
London E8 3DL. www.arcolaenergy.com https://www.arcolaenergy.com/ / +44
20 7503 1386
Registered in England and Wales, Company Number 7257863, VAT
Number 110085273. Copyright 2019. Confidential and Proprietary. Not to be
disseminated or copied in full or in part.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

flood detected with file uploads over http2

Jasper Wallace December 16, 2019 12:48PM

Re: flood detected with file uploads over http2

ru@nginx.com December 17, 2019 04:14AM

Re: flood detected with file uploads over http2

Jasper Wallace December 17, 2019 08:40AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 82
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready