dealing with unusual user agent behavior

Jaroslav Gresula jgresula.LEAVE-THIS-OUT at gmail.com
Wed Jun 16 22:06:26 MSD 2010


Hi guys,

I would appreciate any help with the following matter.

I have an application where the client sends a POST request to nginx
which passes it to one of my backends. The backend performs
computationally expensive task which can take up to several seconds,
stores the result to a file and sends it back via X-Accel-Redirect.

I occasionally observe two cases where user agent behavior triggers an
unwanted flood of requests to my backends which costs a lot of CPU
cycles. In both cases I'm not sure whether it is a malicious intent,
badly implemented user agent, or a misconfiguration on my end.

Here are access log excerpts:

1) MSIE 8.0 user agent
ip [16/Jun/2010:10:19:09 -0400] "POST /my-app/ HTTP/1.1" 499 0
ip [16/Jun/2010:10:19:09 -0400] "POST /my-app/ HTTP/1.1" 200 285076
ip [16/Jun/2010:10:19:09 -0400] "POST /my-app/ HTTP/1.1" 499 0
ip [16/Jun/2010:10:19:10 -0400] "POST /my-app/ HTTP/1.1" 499 0
ip [16/Jun/2010:10:19:11 -0400] "POST /my-app/ HTTP/1.1" 499 0
ip [16/Jun/2010:10:19:11 -0400] "POST /my-app/ HTTP/1.1" 499 0

My understanding is that the agent sends a request and shortly
afterwards closes the connection for some reason. However, nginx passes
all these requests to backends even though no one is interested in
results. Any idea how to avoid it?



2) MSIE 7.0 user agent
ip [16/Jun/2010:08:36:22 -0400] "POST /my-app/ HTTP/1.1" 200 262539
ip [16/Jun/2010:08:36:32 -0400] "POST /my-app/ HTTP/1.1" 206 131271
ip [16/Jun/2010:08:36:32 -0400] "POST /my-app/ HTTP/1.1" 206 32820
ip [16/Jun/2010:08:36:33 -0400] "POST /my-app/ HTTP/1.1" 206 98455 
ip [16/Jun/2010:08:36:35 -0400] "POST /my-app/ HTTP/1.1" 206 164090
ip [16/Jun/2010:08:36:35 -0400] "POST /my-app/ HTTP/1.1" 206 65637 
ip [16/Jun/2010:08:36:36 -0400] "POST /my-app/ HTTP/1.1" 206 196906 

Here I'm puzzled because I thought 206 is allowed only for GET
requests. All these requests for byte ranges are passed to backends
which causes a lot of unnecessary work. Is there any way to instruct
nginx to not allow partial content in this case (X-Accel-Redirect
returned from POST)?

I use nginx 0.8.32 + FastCGI

Thanks,
-- 
Jarda





More information about the nginx mailing list