Opened 5 years ago

#1732 new enhancement

Warn for large request bodies

Reported by: Leif Pedersen Owned by:
Priority: minor Milestone:
Component: other Version: 1.15.x
Keywords: Cc:
uname -a:
nginx -V: nginx version: nginx/1.14.2
built with OpenSSL 1.0.2o-freebsd 27 Mar 2018 (running with OpenSSL 1.0.2k-freebsd 26 Jan 2017)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/ --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-mail=dynamic --with-stream=dynamic


Currently, this warning floods our log files:

2019/02/25 11:17:46 [warn] 73578#101263: *13497288 a client request body is buffered to a temporary file /var/tmp/nginx/client_body_temp/0000000957, [snip]

We keep client_body_buffer_size low and client_max_body_size high so we can accept large uploads with minimal memory usage and let the kernel's disk cache sort out what to keep in memory. As a result, this warning describes an event that is perfectly normal and reasonable. The noise obscures more important messages.

On the other hand, there's nothing to indicate danger if clients are sending request bodies that are near the limit specified by client_max_body_size without unnecessarily committing a lot of memory to uploads.

What I'd suggest is, first take out this warning completely. Then add a new setting called (for example) client_warn_body_size. When the body size reaches this setting, emit a new warning such as "a client request body is larger than client_warn_body_size (%d bytes)". That way the sys admin can see when the clients are approaching client_max_body_size and either raise client_max_body_size or adjust the client before the limit becomes apparent to users. Perhaps my proposed client_warn_body_size could default to match whatever client_body_buffer_size is set to.

Change History (0)

Note: See TracTickets for help on using tickets.