Resolution of a large number of 400 bad request errors in nginx server access logs

2020-05-07 20:57:09
OfStack

There are a large number of 400 errors in access.log, increasing at a rate of several hundred M per day, taking up a lot of space.



tail -f /opt/nginx/logs/access.log
    116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:15 +0800] "-" 400 0 "-" "-"

    119.97.196.7 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    119.97.196.7 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    219.243.95.197 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

    116.236.228.180 - - [15/Dec/2010:11:00:16 +0800] "-" 400 0 "-" "-"

A lot of articles on the Internet say that the HTTP header /Cookie is too large. You can modify the two parameters in nginx.conf to correct it.



    client_header_buffer_size 16k;

          large_client_header_buffers 4 32k;

The modified



    client_header_buffer_size 64k;

         large_client_header_buffers 4 64k;

It didn't work, even if I raised nginx 0.7.62 to the latest 0.8.54.
The nginx author mentioned in the official forum that the empty host header does not return a custom status code, but returns 400 errors.
http://forum.nginx.org/read.php?2,9695,11560

Last modified as follows
Change to the original value



    client_header_buffer_size 16k;

         large_client_header_buffers 4 32k;

Turning off logging on the default host solves the problem



    server {

    listen *:80 default;

    server_name _;

    return 444;

    access_log   off;

    }