Nginx not enforcing default client_max_body_size ?

Thu, 13 Dec 2018 21:09:51 -0800 

Hello,
I came across some nginx behavior that seems odd to me. In my config, I have this server block: 


    server {
      server_name subdomain.somehostname.com
      listen 443 ssl;
      ssl_certificate     "/some/file.crt";
      ssl_certificate_key "/some/other/file.key";
      ssl_protocols       <redacted>
      ssl_ciphers         <redacted>
      return 307 https://anothersubdomain.somehostname.com$request_uri;
    }



I'm using a 307 redirect to cause clients to retry their original 
request at the redirected destination, particularly for file uploads. 
With the above configuration, client requests regardless of post size - 
even larger than the default client_max_body_size - are redirected. For 
example, a 6MB file upload:




    $ curl -v --data-binary "@5mbRandomData.bin" 
'https://subdomain.somehostname.com/upload'

    ...
    > POST /upload HTTP/1.1
    ...
    > User-Agent: curl/7.54.0
    > Content-Length: 6161400
    > Content-Type: application/x-www-form-urlencoded
    > Expect: 100-continue
    >
    < HTTP/1.1 100 Continue
    < HTTP/1.1 307 Temporary Redirect
    < Server: nginx/1.12.2
    < Location: https://anothersubdomain.somehostname.com/upload
    ...



However, when I place the "return" line within a location block as shown 
here:



    server {
      server_name subdomain.somehostname.com
      listen 443 ssl;
      ssl_certificate     "/some/file.crt";
      ssl_certificate_key "/some/other/file.key";
      ssl_protocols       <redacted>
      ssl_ciphers         <redacted>
      location / {

          return 307 
https://anothersubdomain.somehostname.com$request_uri;

      }
    }



...then clients posting larger than the default client_max_body_size are 
sent an error instead. Again, with a 6MB upload:




    $ curl -v --data-binary "@5mbRandomData.bin" 
'https://subdomain.somehostname.com/upload'

    > POST /upload HTTP/1.1
    ...
    > User-Agent: curl/7.54.0
    > Content-Length: 6161400
    > Content-Type: application/x-www-form-urlencoded
    > Expect: 100-continue
    >
    < HTTP/1.1 413 Request Entity Too Large
    < Server: nginx/1.12.2



Which seems like correct behavior in contrast to the first example since 
client_max_body_size must be set to 0 to allow unlimited sized uploads, 
and the default value is 1m. I didn't see anything in the documentation 
about selective application of the body size limit. Is this a bug?



I have client_max_body_size set to 500mb in a *different* server block, 
but the behavior above holds true in any size request I tried, which was 
as large as:



    Content-Length: 10485760000


I am using nginx 1.12.2.

Thanks
Dave
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx






















					Reply via email to