Tweak suggestion

y2kbug · 2022-11-15T04:00:13.695Z

I have been applying Cloudflare Access to my infrastructure.
When accessing GL routers, NGINX on router shows HTTP 400 “Request Header Or Cookie Too Large”.
Google-ed it says: https://community.cloudflare.com/t/after-succesful-login-with-access-control-400-error-request-header-or-cookie-too-large/268176

May I suggest to tweak the NGINX configuration for that?

Thanks.

yuxin.zou · 2022-11-15T06:40:38.945Z

Can you check how big cookies Cloudflare Access is using? Would clearing the browser cookie before accessing or using the InPrivate window solve this problem?

y2kbug:

Google-ed it says: https://community.cloudflare.com/t/after-succesful-login-with-access-control-400-error-request-header-or-cookie-too-large/268176

Did you add the client_header_buffer_size parameter to the nginx profile as described in the topic? Does it work?

If it passes an invalid and large cookies, nginx may take a lot of time to process it. This can cause your access to be slowed down.

y2kbug · 2022-11-15T07:12:52.832Z

Just tested on incognito mode.
I am sorry but the problem seems to be not exactly on max-cookie-size.
There is a redirection loop.
May I ask if the built-in Nginx handles HTTP to HTTPS redirection, if URL (instead of IP) is used?
Could I “tail” the access log anywhere?

yuxin.zou · 2022-11-15T07:28:50.392Z

nginx does not have no redirects. http uses port 80, https uses port 443. Are you accessing port 443?
The Log page contains nginx logs now.

y2kbug · 2022-11-15T08:10:14.993Z

I have changed /etc/nginx/nginx.conf from the default

client_header_buffer_size 1k;

to

client_header_buffer_size 4k;

and it works now.

https://community.cloudflare.com/t/400-bad-request-request-header-or-cookie-too-large-nginx/285870

Thanks.