Opened 5 years ago
Closed 5 years ago
#1866 closed defect (duplicate)
nginx does not log error if packet exceeds http2_max_field_size
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.16.x |
| Keywords: | Cc: | ||
| uname -a: | Linux sonar 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.16.1
built with OpenSSL 1.1.1 11 Sep 2018 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-hIpOlr/nginx-1.16.1=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-ndk --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-echo --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/nchan --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-lua --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/rtmp --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-subs-filter |
||
Description
We are using nginx as reverse proxy in front of a sonarqube isntallation.
Sonarqube uses it's own api interface to generate certain reports.
To do this it sends the query as url encoded request, to it's own api endpoint.
The issue happens when the URL encoded query is larger than the default 4k value on http2_max_field_size. In our case it was 5.5k. Nginx did not pass the request to the backend service, neither did it respond with error. It logged:
23/Sep/2019:13:35:38 +0200] "-" 000 0 "-" "-"
and ate the packet.
The directive is from http://nginx.org/en/docs/http/ngx_http_v2_module.html
Note:
See TracTickets
for help on using tickets.
The error, much like most of the client-related errors, is logged to the error log at the
infolevel. Further, the connection is closed with an error at HTTP/2 level. Closing this as duplicate of #1520.