Resolution of a large number of 400 bad request errors in nginx server access logs
- 2020-05-07 20:57:09
- OfStack
There are a large number of 400 errors in access.log, increasing at a rate of several hundred M per day, taking up a lot of space.
tail -f /opt/nginx/logs/access.log
116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"
119.97.196.7 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
119.97.196.7 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
219.243.95.197 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"
A lot of articles on the Internet say that the HTTP header /Cookie is too large. You can modify the two parameters in nginx.conf to correct it.
client_header_buffer_size 16k;
large_client_header_buffers 4 32k;
The modified
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
It didn't work, even if I raised nginx 0.7.62 to the latest 0.8.54.
The nginx author mentioned in the official forum that the empty host header does not return a custom status code, but returns 400 errors.
http://forum.nginx.org/read.php?2,9695,11560
Last modified as follows
Change to the original value
client_header_buffer_size 16k;
large_client_header_buffers 4 32k;
Turning off logging on the default host solves the problem
server {
listen *:80 default;
server_name _;
return 444;
access_log off;
}