Applicable to:
- Plesk for Linux
Question
- How to increase the client request header buffer size in order to resolve common 400 Bad Request errors?
Answer
This can be achieved by adding directives to Apache and/or Nginx, depending on your configuration.
- For Nginx, when a client sends a request line or request header, the client_header_buffer_size directive is used; by default it allows a request line or header line of up to 1k (1024 bytes). This is sufficient for most requests. However, if a request includes long cookies, or comes from a WAP client, it may not fit into 1024 bytes. If a request line or header line does not fit into this buffer, the large_client_header_buffers directive is used, which by default allows 4 buffers of 8k (8192 bytes) each. A request line that exceeds one of these buffers is answered with 414 Request-URI Too Large; a header line that exceeds one of them is answered with 400 Bad Request.
- For Apache, the LimitRequestFieldSize directive determines the maximum size of a single request header line, which is 8190 bytes by default.
- For Apache with Nginx, the request header is first received by Nginx, as it is the reverse proxy. If Smart static files processing is enabled as shown in this article and the page is static, Nginx skips Apache and sends the page straight to the client. Otherwise, if Smart static files processing is disabled or the client requests a dynamic page, the request header is passed in full to Apache, which returns the page to Nginx to send to the client. This means it is necessary to increase the value for both Nginx and Apache.
Note: When name-based virtual hosting is used, the value of LimitRequestFieldSize is taken from the default (first-listed) virtual host that best matches the current IP address and port combination. Plesk uses name-based virtual hosting only, so if your domain is served by Apache you must apply the directive globally; it cannot be applied to a single domain alone. The only way around this is to use Nginx-only hosting for the domain in question.
Warning: Because of the above, the preferred solution is the Nginx-only hosting option. Applying the directive globally raises the allowed request header size for every domain on the server, which increases the server's exposure to denial-of-service attempts that flood it with oversized headers. This applies even when Apache and Nginx are used together, because it is possible to bypass Nginx and reach Apache directly on ports 7080 and 7081.
- Log into Plesk.
- Following this article, add an Nginx directive by going to Domains > example.com > Hosting & DNS > Apache & nginx Settings, add the following line to Additional nginx directives, then click Apply:
CONFIG_TEXT: large_client_header_buffers 4 16k;
Note: Edit 16k to match the desired request buffer size, keeping in mind that 8k is the default and that the larger the buffer, the greater the impact of a denial-of-service attack. Also, for this to work, Proxy mode must be disabled for the domain you are applying it to (that is, the domain must use Nginx-only hosting). Please refer to this article for instructions.
- Connect to the Plesk server via SSH.
- Create a backup of the Apache configuration file:
For CentOS/RHEL:
# cp -a /etc/httpd/conf/httpd.conf /root/httpd.conf_`date +%F`
For Debian/Ubuntu:
# cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf_`date +%F`
- Open the file in a text editor. In this example, the vi editor is used:
For CentOS/RHEL:
# vi /etc/httpd/conf/httpd.conf
For Debian/Ubuntu:
# vi /etc/apache2/apache2.conf
- Add the following directive as the first line of the configuration file and specify the value (16000 is an example):
CONFIG_TEXT: LimitRequestFieldSize 16000
Note: If a value of 16000 (about 16 KB) is not enough, increase it to a greater value, for example 32000 (about 32 KB). Keep the value as small as the failing requests require, since it applies to every domain served by Apache on this server.
- Save the changes and close the file.
- Restart the Apache service to apply the changes:
For CentOS/RHEL:
# service httpd restart
For Debian/Ubuntu:
# service apache2 restart
-
- Apply the Apache steps globally and the Nginx-only steps per domain, as shown above, for any and all domains requiring this.
Note: If a global Nginx directive is needed, follow this article. However, keep in mind that this is not recommended, as it exposes every domain on the server to the denial-of-service risk described above.
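After changing either limit it is worth confirming that the new value is actually in effect on the path a client uses, and that the direct Apache ports mentioned above do not still answer 400 for the same request. The following script is an added example and not part of the Plesk article: it builds a Cookie header of a chosen size, sends it with curl, and prints the status code returned by Nginx on port 80 and by Apache on port 7080. It assumes curl is installed, that the host name you pass (example.com is a placeholder) resolves to the Plesk server, and that Apache listens on 7080 as the article states.

```shell
#!/bin/sh
# Added example, not part of the Plesk article: probe the request-header
# limits of a Plesk host by sending a Cookie header of a chosen size and
# reporting the HTTP status code. Assumes curl is installed and that the
# host name given (example.com is a placeholder) resolves to the Plesk
# server, with Apache reachable directly on port 7080 as the article says.

# Print a header value of exactly N bytes (all 'a', no trailing newline).
make_header() {
    n="$1"
    head -c "$n" /dev/zero | tr '\0' 'a'
}

# Size in bytes of the full "Cookie: <value>\r\n" line the server must
# buffer: 8 bytes for "Cookie: ", the value itself, 2 bytes for the CRLF.
header_line_size() {
    value_len="$1"
    echo $((8 + value_len + 2))
}

# Send one GET whose Cookie value is value_len bytes long and print the
# status code; curl prints 000 when no HTTP response came back at all
# (connection refused, timeout), so the script never aborts on a dead port.
probe() {
    host="$1"; port="$2"; value_len="$3"
    cookie="$(make_header "$value_len")"
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
        -H "Cookie: $cookie" "http://$host:$port/" || true
}

# Walk header sizes around the 8k defaults and the 16k value used in the
# article, against Nginx (80) and Apache's direct port (7080). A limit that
# was raised on only one of the two shows up as 400 on the other.
main() {
    host="${1:-example.com}"
    for value_len in 1000 4000 8000 12000 16000 31000; do
        printf 'header line %5d bytes: nginx:80=%s apache:7080=%s\n' \
            "$(header_line_size "$value_len")" \
            "$(probe "$host" 80 "$value_len")" \
            "$(probe "$host" 7080 "$value_len")"
    done
}

# Runs only when saved and invoked as probe.sh, e.g.: sh probe.sh example.com
case "${0##*/}" in probe.sh) main "$@" ;; esac
```

With the defaults in place, lines above roughly 8k return 400 from both ports; after the Nginx-only change, port 80 accepts up to the configured 16k while 7080 keeps answering 400 until LimitRequestFieldSize is raised globally, which is exactly the bypass the warning above describes.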