HTTP/2 max header size

Valentin V. Bartenev vbart at nginx.com
Tue Jan 26 11:47:35 UTC 2016


On Tuesday 26 January 2016 15:14:04 Shengtuo Hu wrote:
> Hi,
> 
> I was using "nghttp" command line tool to test NGINX. I enabled
> "continuation" option in "nghttp" command line tool, which filled the
> HEADERS frame with a very large header field/value. Then I got an GOAWAY
> frame with error code of "ENHANCE_YOUR_CALM(0x0b)". Then I checked the
> debug log file of the server, and found "client exceeded
> http2_max_header_size limit while processing HTTP/2 connection".
> 
> May I know the consideration about this limitation? For a client, it may
> not be able to know the precise value of "http2_max_header_size".

Decompression and processing of headers require proportional amount of memory.
The consideration is simple: to limit the amount of memory that can be eaten by
a client and prevent DoS attack on the server.


> Once a  client gets this error, how can it recover from it or request
> the resource successfully?
> 
[..]

If a client gets this error then either it is doing something wrong by sending
incorrect requests, or the server is configured incorrectly.

  wbr, Valentin V. Bartenev



More information about the nginx mailing list