Open kate-osborn opened 1 week ago
Hi @kate-osborn thanks for reporting!
Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this :slightly_smiling_face:
Cheers!
This seems to be relevant to #5317
Describe the bug The
client-max-body-size
set on a virtual server upstream is not enforced when the following is true: (1) the directive is set in an internal location block, and (2) the value is greater than the default value of1m
forclient_max_body_size
.To Reproduce Steps to reproduce the behavior:
client_max_body_size
to thetea-post
upstream. Set it to "2m"./tea
with a payload > 1mExpected behavior The client-max-body-size for the tea-post upstream should be enforced instead of the default client-max-body-size.
Your environment
NGINX Ingress Controller Version=3.5.2 Commit=90d40829ca0b92e4a8ebcc36415c220e72da7405
Additional context This bug was initially found in NGINX Gateway Fabric and may apply to more than just the
client_max_body_size
directive. The underlying issue is that nginx checks the body size of the request twice -- once in the external location block/tea
and again in the internal location block that actually proxies the request totea-post
. If the request body exceeds the max body size in the external location block, a 413 is returned without nginx ever redirecting the request to the internal location block with the greaterclient_max_body_size
. Even ifclient_max_body_size
is not specified in the external location block, nginx will still check that the request body is under the default value of "1m". This is why this bug only applies when the internalclient_max_body_size
is greater than "1m".Related: https://github.com/nginxinc/nginx-gateway-fabric/issues/2079 and https://github.com/nginxinc/nginx-gateway-fabric/issues/2105