Increase request header size

We are experiencing 520 errors with requests where the cookie header is greater than 5473 bytes.
Is there any way to increase the header limit to allow at least 8k bytes?

The header limit should be 8k anyway, see here…

Is the total header size large as well?

Pasting all the headers into a text editor, we have a length of 6234 characters, where the Cookie: header is the longest with 5473 characters, and we still get a 520 error from Cloudflare (we have the “Free plan”, if that is important for this issue).
Of course, if we bypass Cloudflare and try the request directly to our proxy NGINX server, then it works fine.
But our ads system uses long cookies for different consents, and they can easily reach 4.000-5000 bytes.

If you make the request through Cloudflare, can you see it arrive at the server? Looking to see if it is the response that’s causing Cloudflare to return a 520 or the request.

Using Firefox and Chrome (this one with a long “Cookie:” header).
Requests sent from Firefox (with a common “Cookie:” header size, 1029 bytes) are correct and served with a 200 response code and logged at our NGINX proxy.
Requests sent from Chrome (with a “Cookie:” header size of 5475 bytes) return a 520 error code and are not logged at our NGINX proxy. Just remove a character from the “Cookie:” header and it works fine, returning a 200 response code and being logged at our NGINX proxy.

Will need to see if there’s any other ideas. In a quick test I can send a single dummy Cookie header up to 8190 bytes long to one of my proxied sites on a free plan no problem (200 response), bigger than that then curl throws an error.

Maybe the issue could be related to SSL/TLS. We use Full SSL/TLS encryption mode, so requests and responses are encrypted between client and Cloudflare and between Cloudflare and our servers.
We have checked the behavior of requests with long headers with https://test.entersoftweb.com/cookie.php, which just returns all cookies. This domain is under Cloudflare proxy service with SSL/TLS encryption mode set to Flexible, and the response is a 200 code for request headers of 6.000 or more characters.
But if we change SSL/TLS encryption mode to Full then we have a 520 error code response.
If we override DNS lookup using the hosts file and set the final IP of our servers to reach them directly, then we have a 200 response with long headers.
So we think the problem occurs when using the Full SSL/TLS encryption mode.

Use only “Full (strict)” so that SSL certificate on your origin is validated by Cloudflare - only then is the connection fully secured.

My tests were done on one of my sites (so via HTTPS and I only use Full strict) and it was ok for me, so that shouldn’t be a reason in itself. But if you are getting different behaviour maybe that’s a clue. If you are using Flexible then requests will arrive at your origin as HTTP, even if the query is made using HTTPS.

I’ll have a poke at your test site as you have given it. Can you confirm it’s set to Full (strict)?

Now set to Full (strict) SSL/TLS encryption mode, and requests with long headers do not reach our NGINX proxy, but those with short headers do.
Try to override Cloudflare using IP 93.174.1.50 and both cases (long and short headers) will work.

Requests direct to your origin throw an error when I use curl with the long cookie and HTTP/2 (hence the “empty, unknown, or unexpected response to Cloudflare” 520 error).
curl: (92) HTTP/2 stream 1 was not closed cleanly before end of the underlying stream

If using HTTP/1.1 it works ok.

You can check by disabling HTTP/2 (*) in your Cloudflare dashboard, then either leave it like that or find out why your origin doesn’t like the long cookie for HTTP/2 requests.

(*) added…

That is, HTTP/2 to origin…

That was the key, HTTP/2.
We forgot we had to configure header size for HTTP/2 in NGINX using http2_max_field_size and http2_max_header_size.
Now it seems everything is working as expected.

Thanks for the assistance.

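The fix named in the last reply, written out as an added example (not configuration posted in the thread): an NGINX origin server block with the two HTTP/2 header directives set explicitly beside their defaults. The server name, certificate paths, upstream address and the chosen sizes are assumptions.

```nginx
# Added example. Hostname, paths, upstream and sizes are placeholders/assumptions.
http {
    # HTTP/1.1 request header buffers. The default is 4 buffers of 8k, so with
    # defaults a ~5.5 KB Cookie header fits when the request arrives as HTTP/1.1.
    large_client_header_buffers 4 8k;

    server {
        listen 443 ssl http2;
        server_name origin.example.com;                   # placeholder
        ssl_certificate     /etc/nginx/tls/origin.crt;    # placeholder
        ssl_certificate_key /etc/nginx/tls/origin.key;    # placeholder

        # Limit for ONE HPACK-compressed header field (name or value).
        # Default: 4k. With Huffman coding the decompressed value may be
        # larger than this limit, so the cut-off seen by clients is not
        # a round number of cookie bytes.
        http2_max_field_size 8k;

        # Limit for the WHOLE request header list after HPACK decompression.
        # Default: 16k, stated here explicitly so both limits are visible.
        http2_max_header_size 16k;

        # Both directives are obsolete since nginx 1.19.7; from that version
        # large_client_header_buffers above also governs HTTP/2 requests.

        location / {
            proxy_pass http://127.0.0.1:8080;             # placeholder upstream
        }
    }
}
```

These limits bound the memory a single client can make the server allocate for headers, so raise them only as far as the largest legitimate cookie requires, and validate the change with `nginx -t` before reloading.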