400 and 408 in the Nginx log

Our project has been done with nginx reverse proxy, recently found a large number of 400 and 408 log some 443 port in the log, the 408 response time is about 60s, so tidy about this problem:


There are 400 reasons:
1 if the client closes up the connection or other error reading data to the client, it returns a 400 error
The 2.ngx_http_process_request_line function, if the ngx_http_parse_request_line function returns an error, directly to the client to return to the 400 error, progressive parsing error
Similar to 3.ngx_http_process_unique_header_line, the different point is the function checks whether the request header is repeated, and if so, then to the request to return to the 400 error.
4.NGX_HTTP_PARSE_INVALID_HEADER, Said encountered error request header parsing process, generally for the client sends does not conform to the protocol specification of the head, the nginx returns a 400 error
5.ngx_http_process_request_header()Function, this function is mainly to do two things, one is to call ngx_http_find_virtual_server () function to find the virtual server configuration; two is to do some agreement on some request header check. As for those who use HTTP1.1 protocol but didn't send a Host request to the head, nginx request to return to the 400 error
6 the first byte detection: if successful view 1 bytes of data, through the first byte to detect the received data is the SSL handshake packet or http data. According to the SSL agreement, the SSL version information handshake packet first byte contains the SSL protocol. Nginx according to the judging is SSL handshake or return to normal processing HTTP requests (actual returns the response of 400 BAD REQUEST)
7 normal HTTP protocol packet processing directly call ngx_http_process_request_line for processing HTTP requests, and read the event handler is set to ngx_http_process_request_line. (the processing result is returned to the client 400 BAD REQUET, in ngx_http_process_request alone treated plain_http markers on r->. )
8 if SSL finished (c-> ssl-> handshaked by ngx_ssl_handshake () determine the handshake is completed set to 1), setting the read event handler for the ngx_http_process_request_line, and call the function of normal processing http requests. If the SSL handshake not finished (the SSL handshake error), 400 BAD REQUST is returned to the client.

There are 408 reasons:
1.nginx to read the request headers have time-out limit, ngx_http_process_request_headers function as a read event handling function, together with the timeout event, if read timeout, nginx directly to the request to return to the 408 error
The timeout settings between 2.nginx core of two times the request body reads, the client_body_timeout instruction can set the timeout, the default is 60 seconds, if the next time you read event timeout, nginx returns 408 to the client.

Posted by Addison at May 02, 2014 - 9:17 PM