[pve-devel] Proxmox pveproxy - "to many http header lines" - issues with Cloudflare + latest Chrome
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Jul 2 08:27:37 CEST 2020
Hi,
On 02.07.20 03:46, Victor Hooi wrote:
> Hi,
>
> Google Chrome is rolling out some changes to headers (UA-CH - which causes
> extra headers to be included), which seems to be unearthing some latent
> issues with Proxmox.
Dominik looked into this, and it seems that not only Chrome is at fault -
current beta comes at ~16 Headers. But, with an Proxy in front it may come
over 30 headers it seems.
> From an old PVE/HTTPServer.pm, somebody mentioned it might be this line:
>
> https://github.com/proxmox/pve-manager/blob/master/PVE/HTTPServer.pm#L37
>
> (I'm having trouble using the new git.proxmox.com interface to search the
> code).
It's rather the old git.proxmox.com, we never had anything else ;)
>
> Is there a specific reason the header limit is set to 30?
Not so the special reason for the number 30, AFAIK, it's just that
having limits it's good in a performance critical section like accepting
connections, so that "bad actors" can be thrown out early.
> If so, would it be possible to file a bug request to amend the limit?
I increased it to 64 (2^6), it doubles the amount possible and as the
total 8KiB header size is still in place one cannot really sent more
data as headers, just more header lines.
Thanks for reporting!
cheers,
Thomas
More information about the pve-devel
mailing list