Opened 5 years ago

Closed 5 years ago

#1866 closed defect (duplicate)

nginx does not log error if packet exceeds http2_max_field_size

Reported by: sjuhasz.chemaxon.com@…
Owned by:
Priority: minor
Milestone:
Component: nginx-module
Version: 1.16.x
Keywords:
Cc:
uname -a: Linux sonar 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.16.1
built with OpenSSL 1.1.1 11 Sep 2018
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-hIpOlr/nginx-1.16.1=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-ndk --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-echo 
--add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/nchan --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-lua --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/rtmp --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-hIpOlr/nginx-1.16.1/debian/modules/http-subs-filter

Description

We are using nginx as a reverse proxy in front of a SonarQube installation.
SonarQube uses its own API interface to generate certain reports.
To do this, it sends the query as a URL-encoded request to its own API endpoint.
The issue happens when the URL-encoded query is larger than the default 4k value of http2_max_field_size. In our case it was 5.5k. Nginx did not pass the request to the backend service, nor did it respond with an error. It logged:
23/Sep/2019:13:35:38 +0200] "-" 000 0 "-" "-"
and ate the packet.
The directive is from http://nginx.org/en/docs/http/ngx_http_v2_module.html

Change History (1)

comment:1 by Maxim Dounin, 5 years ago

Resolution: duplicate
Status: new → closed

The error, much like most of the client-related errors, is logged to the error log at the info level. Further, the connection is closed with an error at HTTP/2 level. Closing this as duplicate of #1520.
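
A configuration fragment that makes the behaviour described in this ticket visible, given as an added example that is not part of the ticket or of the nginx project. The server name, certificate paths, upstream address and the 8k value are assumptions chosen for illustration.

```nginx
# Added example. Names, paths and the upstream address are placeholders.

# The default error_log level is "error", which hides client-related
# errors that nginx logs at "info" (including an exceeded
# http2_max_field_size). Lowering the level to "info" records them.
error_log /var/log/nginx/error.log info;

events {}

http {
    access_log /var/log/nginx/access.log;

    server {
        listen 443 ssl http2;
        server_name sonar.example.com;                      # placeholder
        ssl_certificate     /etc/nginx/tls/sonar.crt;       # placeholder
        ssl_certificate_key /etc/nginx/tls/sonar.key;       # placeholder

        # Default is 4k. The request in this ticket carried a URL of
        # about 5.5k, so the limit is raised above that size here.
        # 8k is an assumed value; size it to the largest legitimate
        # request the backend generates rather than removing the limit.
        http2_max_field_size 8k;

        location / {
            proxy_pass http://127.0.0.1:9000;               # placeholder backend
        }
    }
}
```

With the level at `info`, a rejected request leaves an entry in the error log in addition to the `"-" 000` line in the access log.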
