XF 1.5 Embedded Base64 Images Causing Some Problems

[DeltaHF]

For some reason, several of my users have been trying to directly embed Base-64 encoded images into their posts. The XF image proxy attempts to process them, but it fails, breaking many other resources on the thread page including smilies, avatars, even stylesheets (they show an ERR_CONNECTION_RESET in the Chrome dev console).

When I've tried this in the test forum here, the image proxy appears to fail gracefully and display the software's regular broken image placeholder.

Why does my site behave differently? I'm using XF 1.5.6, PHP-FPM 5.6.18, Nginx 1.9.11, with PHP GD set as the default image processor.

 

[Mike]

It's very difficult to say. That's an invalid URL, so there shouldn't be any work/fetching going on in the proxy. Can you show a demo in your situation?

 

[DeltaHF]

Yes, here's a direct link to one of the aforementioned posts. The embedded images are broken along with many others on the page. Refresh it a few times and even the stylesheets will break - I didn't notice any consistency as to what failed.

Here's the raw version of that post (I wasn't able to try those exact images here because of the 1,000 character limit).

 

[DeltaHF]

OK, so I just did another test on my site with a shorter base64 embed (the same one I used in the test forum here), and it failed gracefully...

Could there be some type of bug which causes the image proxy to fail if the encoded string is too long? I have a high character limit for my posts, so it will accept very long encoded strings for the image in the post's text.

 

[Mike]

This is actually happening independent of XF. You can trigger it by just sending a long URL to Nginx. For example:

https://www.gtplanet.net/?x=2F4AAQSkZJRgAQIDBAUGBwj%2FxABIEAABAgQDBQYDBAYIBAcAAAABAhEAAyExBBJBBSJRYXEGE4GRocEysfBCUtHxBxQjYnLhFTNTgpKiwtIWQ1STc4Oys8PT4v%2FEABkBAAMBAQEAAAAAAAAAAAAAAAABAgMEBf%2FEACMRAAICAQQCAwEBAAAAAAAAAAABAhEhAxIxQRNRFDJhBCL%2F2gAMAwEAAhEDEQA%2FAOfJAPF%2BVXh1YJFmNmr7wpU4KbKlANywcuK6igaGxNDNY9IYE7BTghyXzGib2uaDiSL8Itc%2B6bAmtW5v9corkArEtwCXUwoN1kpcU0YqPQm5hnaGMskPUB3udOHvE1YC9mTClZzEgajnp8jFwhIctUKTTq5fy5xRYBQY0L6Ma8%2BfCLVeNShQSXYh3Z6F2cfXOCSAloUcqgCXA6OBy0pxiBMxIBSVOpvvXBPHi4dxAw6gC6FEiht4ac38hEvHSgUlRrZ6VLNUcK8oQ0Q9qAshaQH3hQg62fjU%2BZgYUkMLnzp9UhG0VlEpCQ%2BVy9NR8LtahFORhElSixT0IPlfTWGuBUSJyCHa%2FwCNm42PrDmCxBsWaoL0AHThd%2FCCnJdPMVLatVurfKGNlsSWci78wa3Dsw1hcgiwn4bMaF7mo%2BQrS8UiypK1JYWbq%2FG1W1%2FCL2VMBL0eibA1FRVubHxeIOIClELVarvTeBIJYhwCTTViIUWNEFCloJAS7HLWoH7tKF7%2FAEYssNiAtOWYnNWw4jys8QVmjkkMoEivn1Zh48oewz5cz1qRY0GhfxOlocuAaH9pYYDKWDkFt5%2FhZ9LMXc8NYjiWrKCbElOn4V%2FLjDmIxBzEAkgEnSjje1LWhS1gHM2UBk0Bqq92YbrU8auYEqQqIaZlwWU1w3A8ej1h6dPchgARx4dfCGp6iC5oCL1Y3AvfX1hpFVMVeDhuvjDGSiaElT6MOejfXpCpSza2tuTtQtCVFxVmL%2BlnPnQnWDkJratdK0c318eAiWJolok%2FCTTQnqHfyB9IZl30FaFnflTq3Qw%2FnsFXvwJY0A5%2FjeIsucAQpNaVcXLmtrmhp86jNBQ8UAB%2FukM5atcuteF9IT3u4pwz1oQzG556UD3gpy060FAXr66fnDalHhUfvOB0FafjDQqH5kygJazluetLsT5wUmY7OrUvQ0Pq6S4YtESTLYEMamnzHhD%2BHWBoHZrVtVxwZv5tDodk%2BXLAUd0fCHY2Kb9afKFJAJve124g9OXziLi8pJYkeXxAkC9aACFyFEB3D10cfO7twteAY%2BuYlBcudHazMHpVh420LRQ4%2FBlKElMwLBS5T8JYObPUBn48rxYiYZjlZLix4KAyvT7J%2BXWIOJkFUkLSoZkbpSKKqN4uL6mtamKiqBUinEwiBBBZ%2BngRtQy3m4cJJLF9bXsW4U06xDxEhIAyv0U3ClRTlEsz6MSSba2a0FhsKkEKNMpobHSoro44%2BkRwSSpJUJbkMQKEG2Zy9qDdPmaxUYhRJJoNB0FAX94uJiO9kqUk1zUpTdoxAFAQXtqNIpO7IJfx%2FKCJRIlAggi7Gh6Es3r5RYY1KlBJAcFLO5IB15B7uREbCySUu%2FJqcG%2Bn5RZ4Yht74XAa9FUCS2rmCTFZEkSFaXDEU8fH%2BYi7kqKQEqANK0rvODDGAw29aofdI5fiOg8oWUlyC40%2Fn5%2FXCbsCQcOCLukNRvLl%2BcM4rCOndAVqXH01aecPSnCBxto9KeOkNSZuY0Ng7HzD62eIAKXLdyk9OBd9OP0RaIqMH3alM5SouC4ID1bi%2FXjq0SgFZRoU3FT7cj5xDlyCCVlZLgA5vBhm4i1b8bw0OhuRNypmHQLN6hybuKiw1p5w7Inp7pBZWqTS2YkM7XavNnpFb3romgtUuDbU3Ov84kplkSkpZill2414fvRVZDsLGYfLQsAaOaAG1SNH9DB7OJlhrjUhjeuUa2c%2FnFhMnpyHNmdRQaWsoGj8Cw61IhOFwC5rd2KklwlO8WruhjmAaqg4ZYvC6BoTMwSS6ikktUk8KAksHow%2BZg07PKswQVIzEZJbOxRlUFKUQQ4SQVZa04VFgJiZcxSC4QqUQQxcuKA94H0Cn4kUivlyAMqiQpL2zAbxdg5Bu3WhgQUVa8OsEuCEslYdyCFMzXDsb8uMEmUohwG0cgUo5HWr1q3WLvEy8%2BcqynLLyoLKSAAd3Qbwz0elhwERMXPSghgrKreD3JplDVbkdQTFDGASwL0bQPWz3rZoJ2IJAqfEipHDj8oLEKVlG6RQEghjlNjbXjBJmcvR9NeBtEEj8wEvQq66sA3UH2huUirpJvq%2Fgx8v5Q3LmkA6AUYMKP5NB96BzcfXj%2FOFQWOTJJ%2BFy2hqACKPSESU73EW6njQwtTCpDkAEPaj16gk%2BUFLmhyQb1rxa1Pn08RIQUwEkg2NlPZqZSBesNmSEkMavZtBUc6AGvKCOIOVTk0Zw12NOdoZxM1KSciqE1IfTmoevUV0pIB3FY%2FKndFSWci3AgamvpFdiccT8JyHUJ3WVUULuzMW0IqeIDE8tx%2B1Z%2BKObETFqGiHZI%2Fuig8o1hpOREppHdP1qW7d4h%2BGYP8AOH0l6io5RwbCYOWaFA94usH2dBrInTJKuINPMMRGz%2FkaV2StU3P6RVD9UyG0yahJ6JeaR0PdN4xybaCKjqfQt7esabacnHIShOJnCbKzOgvmOYDJcjN8Mw3MZrHKqC%2Bj66194IR2qiZOyMxGUvUa%2BA%2FGHMVtKcHEtRSGc5aEk6OK%2BXrCJyhSp104UOvKGFyznpUnXRKeXNtecWm%2BBCZEmdNLrUonid4h%2BZNPOLnA7DWph36h0Wr2TCcMigAjT7MwqZTTJywlHO1wDzJq4AuxpGyhGKuROWyu%2FwCDMSofs55PLvC%2FkoJHrFVjti42RWYJoHFy3n8JPQmOgI7dbOl0eYrmEf7lAxcbN7c4CbQTcj0aYkgeJDpHiYwcl0iqOJTNoTRQrmBrgkiIylKJJNT0BMd32v2IwmJTmQlKSQ6VILpPRjQfwsOIMc27SdgcRh3MsGYnl8XgftdKH92BOwoy8o0qz9B%2BEJmqYOGHhCZSa1oXYuDTi4vSCxLAlKSCAWcOAQLEPXnDEJzE70Jwjd4ApWUE1Uzs%2BrOPnByTWGlJLwAWWInoyPLWSaAhSMt%2BDE%2BrRHk4wuxZoaEshBflDaU2hAT52KIUAPGH52I3A1CS0QJ6CSCxsIWASluYirAmLxKyUAqJypCal7lS%2FD4tPeE9%2BEzBZ6VardevzhwZd1kspjnLkurMWNbbuWghqfhsygXYC5v0Yak8IANHsftRi0t3c%2BaC7ZSe8D8Mq3EabDdr1Spg%2FWJCpKjeYlCkoU%2F9pLUwJL%2FGlQPEEUjD7Pnh3QMo4j4lHiVirdGEdJ7LYTvACtCCnipILvoKOTyhvT%2FzuGnmjLfpR2iJysMtFR3awdRVSLKIqCByI1AIYY%2BSkPycNbiQx9Y7N2j7Fy50opknuySSUqByEt8QJGZB6Fr0jl21tgT8MvLNllIJufhJFXSqxp5MLRlEobwm7XUEmlfsn8BGs7A3TY0BpapBp5xlNnIcgmjuGb%2BLWNd%2Bj8fB0T8xFPga5OmQIUIEcxZHiJj8UpDBASVFzvFgAOIcPXQGJQMU3aPakrChM2agKBOUbuYgh1Bhzr6QtOm8hLg5R2k2QszlzJq88wqdRH71UnoQKcLaRDEqCk4xE%2FGzZxT3aTmWlNgAGACm43I4iI8rbYzqCkuM26RSmjv849CEoJZOd3ZPxZUiUVpuG04ltesUmzsDiMZOTJllUyYq2ZRbi5JsKHyjXLkFeE74MJEwTEFTEsUhTnQUyOQeMZmRtFUlalYfEFLgg5UKBAYjKHdgXZ3ETqyTeAiiXsTBTJc2ciY7y2BqSBVyz%2FwQeMluryHkAIf7O4mZM75UxTqUzlXxKO8XrW6z5xa7Ow0pSJqlrQiYmYGCvtJL2dwoUU45JvaI6KJnYXZqJillUvvFjKwdO6CVkne8PJoPtli8Ph5qpK5RSpYSrMMjCpGYs1NP7p4l6RO1zIWVyf2em8sKCrs4ShLN1MUv9KLm4k4jE%2FtFMWZiHSGQABQAHjrWEm0wL2RPRKGdVfupe566Difdorlzp2MWVKUyUhnslINWSNKeJ1OsVAnLWGNyonWuZqN1fzjXSMKiXKAW%2BUXCbrUbj1HOw5ipz3DijNYvZ8sUCyTzZvlFcuWpB9xHQtm7FXigcmAl5GO%2BGC35KBqQaPUXuRGW2rstUiYZSwoA2zXHI8xyuGMZ%2FgUPdne1GIwxeTMIq6kXSeeU09%2BBEdX7N%2FpGw%2BIARPyylkXP9UrxPw9DQcY4Sl0LbUFosUzOIbmPnyh0mI7f2m7FSMUHyhK1Ci0EZuTU30s5rVrcuPbf7Mz8Iv8Aah0E7qw%2BVXInRQ1Sa%2FOL7st2ynYRkq%2FayXqgm3NB%2ByelH01HVMHjsJtGUoApWlQ3pawyhyUnkbKFtDEu4j5PPGbpDYJ4avwjb9uewS8GTNlkrw5N%2FtS3oEq5cFeBbXIBIEWsiEKW4oL%2FAFpASKWhzMIUFiGASZxFx6%2FjDgm8vrwhIWIWlcABrDJStxUqo5cZGd6c4JaiUgca%2Bf8AKGMbNIQ2hP4P7ecR8FOJWgOWKgPAsILA0%2BzMI6ko0528eUSNv9oDNmCXLWpEpFEBJKX%2FAH1M1TdjanCIO1ceEGYhPxPlP8JAJ8w484pZIeYDyHtGuq1hIUTZ7J7c4uQGE%2FvEht2eO8vbfcL4Cqo3nZztTJxwVIxMtCVKIATmzIXwyvVKnt83jiEtO6ocn9YkJUpCgoEgGvjr%2BMYOKZZv%2B2nY1eGedIzLkXIqVS%2BrXT%2B958TJ7DkAIsKJZzo40iF2c%2FSBNlMmd%2B1RZQUXU2rKNFdDexPCZNmSpU9Jw8yX3EwZ0FVchdJVKUAQUlOYEA6EDQmHvk47ZDiqeDo4V9MYEUsvbKWDzZJPEKIHg7%2FOCjlNaZCV2olgfCuz1b2JMZP9Ie2RPw6QkKl5JjlUxNGIUnRy7tpxiKJx4mG8UO8SpJAIUGLn2A94Iwadjk4tGawexFzEBeYqSpRSk92vKVCpAJAFBUksAAaw1P2ShBPeKZvAcm%2B94GLPaM5WHw4QoqmIcJTvMUNmIykp3bmwjMzsVLJcy5h6zX%2BaHjqTRytF5hgnuxkUrJYAA6nga1Ivq3KFysCgnezEniUt4B2igl7QQm0tX%2FdOlrJh8baH9mfGYenCDcgNTj8AMOhC5rSkqDuU524BQQVKSS4oU6jm1Pi9pyk0cr5pHrUi%2FSIU%2Fb4WgS1SsyQXAzqFbPRn%2FvPEQYqU7nDj%2FuLHyhWMsztDDDdXKnGv2ZqAK8shd%2BsVM7EJKlFKChJsM2bzLB68hDwxsj%2FpQTxM6b8gREPGTUqW6JYlhmIClqc8XWSeTClIVgWGxEZlg8CPn%2FKNJisQlU7uirKSUSxyzkZlPyC%2F8ojN7FVlPiD5GJu3gZeJTMAf4ZgsHybxDnVgPOGnTH0dwwW3JMmWiVLT8CQMosA1BR6MCB0AZzGL%2FSTiJOIlS5sv4gQo8Q5ylPqD4Q9hSTlKlbqgFy1OA40IzMC3wlJLg6FiIidoZYMlzUOkJsXJU5NzfIqopRTRCWS8Uc22shlA8REuVMBAPIQO0yAnJ4%2B0V2HnFqOW4VjTgzLZJB0iZhJxQQpCiFCxBYjxijGKa%2F4Q6jaA1I8xBYHRcL27WZCpGISZoIZKxVViMq0n%2BsSbEEgkE1djGAny5YUQZoSXtlUoDlmSC7Q4naKcpLOBqA7aX0inXMCiSS3gYWFwBbIwqSKTpPiop88wESpOxJqvgVKX%2FDOlfIrBigSpIBrccDBjEJAAv4NDsDTSuy2LV8MlR6KQfkqsFO7M4tNDh5teCX%2BUR9nbCmTUJmJQgJIdLqAcWfjpFtK2PjUjdms1gmaoeAsBBZW1lFjdl4kICFSJoZSlVB%2B0Ei3RA9OEQhsqeK90seH4xtJeydoG%2BJWOXfTT8oa2phsdIkrmqxE5QQzhM2a7EgE1agdzyeEG1mTWFmYVTAXJD0YHT3iUk0hqft2dOHdlc1YJFFTVEOC4oS14fnYKchbGSspNlJTmcHUD5h%2FGzuxDMonMSke0SUBWrVhzFYOamYmWlBcgEhTJyvZwCWOrcGjR7L7IqmSkrWogqdspQAzkA71bB4LRSi2Z0J4tFlsGQ80AG7u1CwB1FRXnV40MnsWgXUT1WP8ASItcJsASxuBCeNST4liYTkqLjHIwiWQGD%2BZPqYKJ%2FwDRx%2B8j1%2F2wcZG1mC7%2BFd%2FFSrHK4J8obXtBfLyEa7kczj%2Bk%2Faw7yUpOtx1H0RGMXF%2BvaS9Ft0aKnFySd4PzgbJaIbwIKA8IQqLzD7CJSCpYSSHZhR9PiitwmFJYkU5kD6ETiojh5j8YVlJexw7DH9qny%2F8A1BDY6HrOH%2BH%2BcIKzy8%2Fwg0zPqp9odjx6IqFd2sgmj5TzHH5GNhgcGjHSRJUrLNR8KmdxpR69NQTqBGSxUrNUO%2F8ACqv%2BWBg8StCg2YKFiAT4GE1ZKdM6DsjYmKwqSj9clpl3yqEtaQeIRMdb9EAwnaKysuSooBJzL%2BJaiwKiNKAAJ%2BykAREwfa%2BcpGRclUynxZCo%2BbP84YxaMZPDpkTG0cZfmPaHF0VS6Iy9qpSSNX0Igjt4DQ%2F4v5QhPZPFm0gDrMA%2F0w8jsVizdEsdVv8A6RFWTTGz2iOg%2FwAxgJ28o%2FZHmfxiajsJivvSR4KPyVEuX2Eni86UOks%2B6oLHtZTYjaSpiVIUBlUCCK68HN4yGJklBKVD%2BY4iOoI7DTNcU38MtPvAm9gAsNMxUxQ4BEv03XHhCDazlbxL2Vs1c%2BYEIB%2FeID5Rqo%2B3GOjI%2FRrhtZs4%2FwCEf6YmSOwuGQGTNxAGuWYU%2FwDpaECgPYNc1CUoRmSlICQOQoB5RZyZs7U%2F5orkdkMKPtTz1nL%2FABh0dlMIPsLPWYs%2B8TtZvuLLMvVYHVYHvDs6WFJUlcyUUqDEGYliCGIvrFYnsxhB%2FwAkHqVH3h1GwML%2FANPL8n%2BcG0HI5N2h2MrBTynMFyzVC0qBBT90kWWNfPWNV2a7WJEsInKWALLQopPi3v4EWjZf0Jhv%2Bmk%2F4EH5wqXsrDpth5A6S0fNobVkRTTwZjDz5MyZkklgo781VWBqS5uo6DjyeNakyGCUzCwYBgKAaX4Q4hCQN1KQ3AAQoqhbS7EZJR%2B3NPl%2FugDDSjos%2BIhSlwM0PaFhjDS%2Fur8x%2BECE5%2Fr6MHBtQWzODsfJFyfOHP8AhHDa%2B34RdGV9MIBSfr8oZG0qE9lMKNIWezWFH2Ys2PD%2FADQAknT684A2lWnszhL90k%2BEOo2DhB%2FyU%2BUWCZfIQaU8oB0iENk4YWko9IWNnyNJKD4CJdOEE%2FIQUwI36kgWkyx5fhC5eHT%2FAGSB5Q855QM0KgDQP3Uj65Q4JjaQ3nMFWCgH%2B%2BMF3p4xHg8sOgHlTTxhOfnCMn00GBDoBeeCCoTlgZIKAV3kDN9PBZOsEEwUAeblAeDyQMsFAEFQnNDmWBl6wwEwC8OJD8YATwEADbwKw4BB5W%2FOCgGoMCF5YDdIAENBZYcAeAYAGSmBDwQYEKh2IMEq3j7wIEIQR94MQIEMYl6nrBn2MCBAICoLQeHtAgQwCJhUv2HtAgQAKUPrzhK7QIEIYuEkwIEMQZFYcN4KBAAQP15wDAgQDEJMB%2FnAgQmMS8L%2BvWDgQCFJgl%2FXlBQIAD%2FCHkiBAgANIvC0oHAQIEIQrKKUFjC8opQQIEACJiRw%2BmENJG7AgQAMPAgQIAP%2F2Q%3D%3D&hash=7859731d356ad0dd88b0e41d29b7479b

Is there an error in your Nginx logs about this? It could be a specific issue with your setup/Nginx configuration. Are you doing any extra proxying for example?

 

[DeltaHF]

Ah, very interesting, great catch. I see that reports ERR_CONNECTION_CLOSED other than ERR_CONNECTION_RESET, though I'm not sure what the difference is.

I don't see anything in my Nginx error logs, but I agree it's something to do with its config. I'm using @eva2000's Centminmod, and sure enough, it returns the same error if you try to load that URL on his domain:

https://community.centminmod.com/?x=2F4AAQSkZJRgAQIDBAUGBwj%2FxABIEAABAgQDBQYDBAYIBAcAAAABAhEAAyExBBJBBSJRYXEGE4GRocEysfBCUtHxBxQjYnLhFTNTgpKiwtIWQ1STc4Oys8PT4v%2FEABkBAAMBAQEAAAAAAAAAAAAAAAABAgMEBf%2FEACMRAAICAQQCAwEBAAAAAAAAAAABAhEhAxIxQRNRFDJhBCL%2F2gAMAwEAAhEDEQA%2FAOfJAPF%2BVXh1YJFmNmr7wpU4KbKlANywcuK6igaGxNDNY9IYE7BTghyXzGib2uaDiSL8Itc%2B6bAmtW5v9corkArEtwCXUwoN1kpcU0YqPQm5hnaGMskPUB3udOHvE1YC9mTClZzEgajnp8jFwhIctUKTTq5fy5xRYBQY0L6Ma8%2BfCLVeNShQSXYh3Z6F2cfXOCSAloUcqgCXA6OBy0pxiBMxIBSVOpvvXBPHi4dxAw6gC6FEiht4ac38hEvHSgUlRrZ6VLNUcK8oQ0Q9qAshaQH3hQg62fjU%2BZgYUkMLnzp9UhG0VlEpCQ%2BVy9NR8LtahFORhElSixT0IPlfTWGuBUSJyCHa%2FwCNm42PrDmCxBsWaoL0AHThd%2FCCnJdPMVLatVurfKGNlsSWci78wa3Dsw1hcgiwn4bMaF7mo%2BQrS8UiypK1JYWbq%2FG1W1%2FCL2VMBL0eibA1FRVubHxeIOIClELVarvTeBIJYhwCTTViIUWNEFCloJAS7HLWoH7tKF7%2FAEYssNiAtOWYnNWw4jys8QVmjkkMoEivn1Zh48oewz5cz1qRY0GhfxOlocuAaH9pYYDKWDkFt5%2FhZ9LMXc8NYjiWrKCbElOn4V%2FLjDmIxBzEAkgEnSjje1LWhS1gHM2UBk0Bqq92YbrU8auYEqQqIaZlwWU1w3A8ej1h6dPchgARx4dfCGp6iC5oCL1Y3AvfX1hpFVMVeDhuvjDGSiaElT6MOejfXpCpSza2tuTtQtCVFxVmL%2BlnPnQnWDkJratdK0c318eAiWJolok%2FCTTQnqHfyB9IZl30FaFnflTq3Qw%2FnsFXvwJY0A5%2FjeIsucAQpNaVcXLmtrmhp86jNBQ8UAB%2FukM5atcuteF9IT3u4pwz1oQzG556UD3gpy060FAXr66fnDalHhUfvOB0FafjDQqH5kygJazluetLsT5wUmY7OrUvQ0Pq6S4YtESTLYEMamnzHhD%2BHWBoHZrVtVxwZv5tDodk%2BXLAUd0fCHY2Kb9afKFJAJve124g9OXziLi8pJYkeXxAkC9aACFyFEB3D10cfO7twteAY%2BuYlBcudHazMHpVh420LRQ4%2FBlKElMwLBS5T8JYObPUBn48rxYiYZjlZLix4KAyvT7J%2BXWIOJkFUkLSoZkbpSKKqN4uL6mtamKiqBUinEwiBBBZ%2BngRtQy3m4cJJLF9bXsW4U06xDxEhIAyv0U3ClRTlEsz6MSSba2a0FhsKkEKNMpobHSoro44%2BkRwSSpJUJbkMQKEG2Zy9qDdPmaxUYhRJJoNB0FAX94uJiO9kqUk1zUpTdoxAFAQXtqNIpO7IJfx%2FKCJRIlAggi7Gh6Es3r5RYY1KlBJAcFLO5IB15B7uREbCySUu%2FJqcG%2Bn5RZ4Yht74XAa9FUCS2rmCTFZEkSFaXDEU8fH%2BYi7kqKQEqANK0rvODDGAw29aofdI5fiOg8oWUlyC40%2Fn5%2FXCbsCQcOCLukNRvLl%2BcM4rCOndAVqXH01aecPSnCBxto9KeOkNSZuY0Ng7HzD62eIAKXLdyk9OBd9OP0RaIqMH3alM5SouC4ID1bi%2FXjq0SgFZRoU3FT7cj5xDlyCCVlZLgA5vBhm4i1b8bw0OhuRNypmHQLN6hybuKiw1p5w7Inp7pBZWqTS2YkM7XavNnpFb3romgtUuDbU3Ov84kplkSkpZill2414fvRVZDsLGYfLQsAaOaAG1SNH9DB7OJlhrjUhjeuUa2c%2FnFhMnpyHNmdRQaWsoGj8Cw61IhOFwC5rd2KklwlO8WruhjmAaqg4ZYvC6BoTMwSS6ikktUk8KAksHow%2BZg07PKswQVIzEZJbOxRlUFKUQQ4SQVZa04VFgJiZcxSC4QqUQQxcuKA94H0Cn4kUivlyAMqiQpL2zAbxdg5Bu3WhgQUVa8OsEuCEslYdyCFMzXDsb8uMEmUohwG0cgUo5HWr1q3WLvEy8%2BcqynLLyoLKSAAd3Qbwz0elhwERMXPSghgrKreD3JplDVbkdQTFDGASwL0bQPWz3rZoJ2IJAqfEipHDj8oLEKVlG6RQEghjlNjbXjBJmcvR9NeBtEEj8wEvQq66sA3UH2huUirpJvq%2Fgx8v5Q3LmkA6AUYMKP5NB96BzcfXj%2FOFQWOTJJ%2BFy2hqACKPSESU73EW6njQwtTCpDkAEPaj16gk%2BUFLmhyQb1rxa1Pn08RIQUwEkg2NlPZqZSBesNmSEkMavZtBUc6AGvKCOIOVTk0Zw12NOdoZxM1KSciqE1IfTmoevUV0pIB3FY%2FKndFSWci3AgamvpFdiccT8JyHUJ3WVUULuzMW0IqeIDE8tx%2B1Z%2BKObETFqGiHZI%2Fuig8o1hpOREppHdP1qW7d4h%2BGYP8AOH0l6io5RwbCYOWaFA94usH2dBrInTJKuINPMMRGz%2FkaV2StU3P6RVD9UyG0yahJ6JeaR0PdN4xybaCKjqfQt7esabacnHIShOJnCbKzOgvmOYDJcjN8Mw3MZrHKqC%2Bj66194IR2qiZOyMxGUvUa%2BA%2FGHMVtKcHEtRSGc5aEk6OK%2BXrCJyhSp104UOvKGFyznpUnXRKeXNtecWm%2BBCZEmdNLrUonid4h%2BZNPOLnA7DWph36h0Wr2TCcMigAjT7MwqZTTJywlHO1wDzJq4AuxpGyhGKuROWyu%2FwCDMSofs55PLvC%2FkoJHrFVjti42RWYJoHFy3n8JPQmOgI7dbOl0eYrmEf7lAxcbN7c4CbQTcj0aYkgeJDpHiYwcl0iqOJTNoTRQrmBrgkiIylKJJNT0BMd32v2IwmJTmQlKSQ6VILpPRjQfwsOIMc27SdgcRh3MsGYnl8XgftdKH92BOwoy8o0qz9B%2BEJmqYOGHhCZSa1oXYuDTi4vSCxLAlKSCAWcOAQLEPXnDEJzE70Jwjd4ApWUE1Uzs%2BrOPnByTWGlJLwAWWInoyPLWSaAhSMt%2BDE%2BrRHk4wuxZoaEshBflDaU2hAT52KIUAPGH52I3A1CS0QJ6CSCxsIWASluYirAmLxKyUAqJypCal7lS%2FD4tPeE9%2BEzBZ6VardevzhwZd1kspjnLkurMWNbbuWghqfhsygXYC5v0Yak8IANHsftRi0t3c%2BaC7ZSe8D8Mq3EabDdr1Spg%2FWJCpKjeYlCkoU%2F9pLUwJL%2FGlQPEEUjD7Pnh3QMo4j4lHiVirdGEdJ7LYTvACtCCnipILvoKOTyhvT%2FzuGnmjLfpR2iJysMtFR3awdRVSLKIqCByI1AIYY%2BSkPycNbiQx9Y7N2j7Fy50opknuySSUqByEt8QJGZB6Fr0jl21tgT8MvLNllIJufhJFXSqxp5MLRlEobwm7XUEmlfsn8BGs7A3TY0BpapBp5xlNnIcgmjuGb%2BLWNd%2Bj8fB0T8xFPga5OmQIUIEcxZHiJj8UpDBASVFzvFgAOIcPXQGJQMU3aPakrChM2agKBOUbuYgh1Bhzr6QtOm8hLg5R2k2QszlzJq88wqdRH71UnoQKcLaRDEqCk4xE%2FGzZxT3aTmWlNgAGACm43I4iI8rbYzqCkuM26RSmjv849CEoJZOd3ZPxZUiUVpuG04ltesUmzsDiMZOTJllUyYq2ZRbi5JsKHyjXLkFeE74MJEwTEFTEsUhTnQUyOQeMZmRtFUlalYfEFLgg5UKBAYjKHdgXZ3ETqyTeAiiXsTBTJc2ciY7y2BqSBVyz%2FwQeMluryHkAIf7O4mZM75UxTqUzlXxKO8XrW6z5xa7Ow0pSJqlrQiYmYGCvtJL2dwoUU45JvaI6KJnYXZqJillUvvFjKwdO6CVkne8PJoPtli8Ph5qpK5RSpYSrMMjCpGYs1NP7p4l6RO1zIWVyf2em8sKCrs4ShLN1MUv9KLm4k4jE%2FtFMWZiHSGQABQAHjrWEm0wL2RPRKGdVfupe566Difdorlzp2MWVKUyUhnslINWSNKeJ1OsVAnLWGNyonWuZqN1fzjXSMKiXKAW%2BUXCbrUbj1HOw5ipz3DijNYvZ8sUCyTzZvlFcuWpB9xHQtm7FXigcmAl5GO%2BGC35KBqQaPUXuRGW2rstUiYZSwoA2zXHI8xyuGMZ%2FgUPdne1GIwxeTMIq6kXSeeU09%2BBEdX7N%2FpGw%2BIARPyylkXP9UrxPw9DQcY4Sl0LbUFosUzOIbmPnyh0mI7f2m7FSMUHyhK1Ci0EZuTU30s5rVrcuPbf7Mz8Iv8Aah0E7qw%2BVXInRQ1Sa%2FOL7st2ynYRkq%2FayXqgm3NB%2ByelH01HVMHjsJtGUoApWlQ3pawyhyUnkbKFtDEu4j5PPGbpDYJ4avwjb9uewS8GTNlkrw5N%2FtS3oEq5cFeBbXIBIEWsiEKW4oL%2FAFpASKWhzMIUFiGASZxFx6%2FjDgm8vrwhIWIWlcABrDJStxUqo5cZGd6c4JaiUgca%2Bf8AKGMbNIQ2hP4P7ecR8FOJWgOWKgPAsILA0%2BzMI6ko0528eUSNv9oDNmCXLWpEpFEBJKX%2FAH1M1TdjanCIO1ceEGYhPxPlP8JAJ8w484pZIeYDyHtGuq1hIUTZ7J7c4uQGE%2FvEht2eO8vbfcL4Cqo3nZztTJxwVIxMtCVKIATmzIXwyvVKnt83jiEtO6ocn9YkJUpCgoEgGvjr%2BMYOKZZv%2B2nY1eGedIzLkXIqVS%2BrXT%2B958TJ7DkAIsKJZzo40iF2c%2FSBNlMmd%2B1RZQUXU2rKNFdDexPCZNmSpU9Jw8yX3EwZ0FVchdJVKUAQUlOYEA6EDQmHvk47ZDiqeDo4V9MYEUsvbKWDzZJPEKIHg7%2FOCjlNaZCV2olgfCuz1b2JMZP9Ie2RPw6QkKl5JjlUxNGIUnRy7tpxiKJx4mG8UO8SpJAIUGLn2A94Iwadjk4tGawexFzEBeYqSpRSk92vKVCpAJAFBUksAAaw1P2ShBPeKZvAcm%2B94GLPaM5WHw4QoqmIcJTvMUNmIykp3bmwjMzsVLJcy5h6zX%2BaHjqTRytF5hgnuxkUrJYAA6nga1Ivq3KFysCgnezEniUt4B2igl7QQm0tX%2FdOlrJh8baH9mfGYenCDcgNTj8AMOhC5rSkqDuU524BQQVKSS4oU6jm1Pi9pyk0cr5pHrUi%2FSIU%2Fb4WgS1SsyQXAzqFbPRn%2FvPEQYqU7nDj%2FuLHyhWMsztDDDdXKnGv2ZqAK8shd%2BsVM7EJKlFKChJsM2bzLB68hDwxsj%2FpQTxM6b8gREPGTUqW6JYlhmIClqc8XWSeTClIVgWGxEZlg8CPn%2FKNJisQlU7uirKSUSxyzkZlPyC%2F8ojN7FVlPiD5GJu3gZeJTMAf4ZgsHybxDnVgPOGnTH0dwwW3JMmWiVLT8CQMosA1BR6MCB0AZzGL%2FSTiJOIlS5sv4gQo8Q5ylPqD4Q9hSTlKlbqgFy1OA40IzMC3wlJLg6FiIidoZYMlzUOkJsXJU5NzfIqopRTRCWS8Uc22shlA8REuVMBAPIQO0yAnJ4%2B0V2HnFqOW4VjTgzLZJB0iZhJxQQpCiFCxBYjxijGKa%2F4Q6jaA1I8xBYHRcL27WZCpGISZoIZKxVViMq0n%2BsSbEEgkE1djGAny5YUQZoSXtlUoDlmSC7Q4naKcpLOBqA7aX0inXMCiSS3gYWFwBbIwqSKTpPiop88wESpOxJqvgVKX%2FDOlfIrBigSpIBrccDBjEJAAv4NDsDTSuy2LV8MlR6KQfkqsFO7M4tNDh5teCX%2BUR9nbCmTUJmJQgJIdLqAcWfjpFtK2PjUjdms1gmaoeAsBBZW1lFjdl4kICFSJoZSlVB%2B0Ei3RA9OEQhsqeK90seH4xtJeydoG%2BJWOXfTT8oa2phsdIkrmqxE5QQzhM2a7EgE1agdzyeEG1mTWFmYVTAXJD0YHT3iUk0hqft2dOHdlc1YJFFTVEOC4oS14fnYKchbGSspNlJTmcHUD5h%2FGzuxDMonMSke0SUBWrVhzFYOamYmWlBcgEhTJyvZwCWOrcGjR7L7IqmSkrWogqdspQAzkA71bB4LRSi2Z0J4tFlsGQ80AG7u1CwB1FRXnV40MnsWgXUT1WP8ASItcJsASxuBCeNST4liYTkqLjHIwiWQGD%2BZPqYKJ%2FwDRx%2B8j1%2F2wcZG1mC7%2BFd%2FFSrHK4J8obXtBfLyEa7kczj%2Bk%2Faw7yUpOtx1H0RGMXF%2BvaS9Ft0aKnFySd4PzgbJaIbwIKA8IQqLzD7CJSCpYSSHZhR9PiitwmFJYkU5kD6ETiojh5j8YVlJexw7DH9qny%2F8A1BDY6HrOH%2BH%2BcIKzy8%2Fwg0zPqp9odjx6IqFd2sgmj5TzHH5GNhgcGjHSRJUrLNR8KmdxpR69NQTqBGSxUrNUO%2F8ACqv%2BWBg8StCg2YKFiAT4GE1ZKdM6DsjYmKwqSj9clpl3yqEtaQeIRMdb9EAwnaKysuSooBJzL%2BJaiwKiNKAAJ%2BykAREwfa%2BcpGRclUynxZCo%2BbP84YxaMZPDpkTG0cZfmPaHF0VS6Iy9qpSSNX0Igjt4DQ%2F4v5QhPZPFm0gDrMA%2F0w8jsVizdEsdVv8A6RFWTTGz2iOg%2FwAxgJ28o%2FZHmfxiajsJivvSR4KPyVEuX2Eni86UOks%2B6oLHtZTYjaSpiVIUBlUCCK68HN4yGJklBKVD%2BY4iOoI7DTNcU38MtPvAm9gAsNMxUxQ4BEv03XHhCDazlbxL2Vs1c%2BYEIB%2FeID5Rqo%2B3GOjI%2FRrhtZs4%2FwCEf6YmSOwuGQGTNxAGuWYU%2FwDpaECgPYNc1CUoRmSlICQOQoB5RZyZs7U%2F5orkdkMKPtTz1nL%2FABh0dlMIPsLPWYs%2B8TtZvuLLMvVYHVYHvDs6WFJUlcyUUqDEGYliCGIvrFYnsxhB%2FwAkHqVH3h1GwML%2FANPL8n%2BcG0HI5N2h2MrBTynMFyzVC0qBBT90kWWNfPWNV2a7WJEsInKWALLQopPi3v4EWjZf0Jhv%2Bmk%2F4EH5wqXsrDpth5A6S0fNobVkRTTwZjDz5MyZkklgo781VWBqS5uo6DjyeNakyGCUzCwYBgKAaX4Q4hCQN1KQ3AAQoqhbS7EZJR%2B3NPl%2FugDDSjos%2BIhSlwM0PaFhjDS%2Fur8x%2BECE5%2Fr6MHBtQWzODsfJFyfOHP8AhHDa%2B34RdGV9MIBSfr8oZG0qE9lMKNIWezWFH2Ys2PD%2FADQAknT684A2lWnszhL90k%2BEOo2DhB%2FyU%2BUWCZfIQaU8oB0iENk4YWko9IWNnyNJKD4CJdOEE%2FIQUwI36kgWkyx5fhC5eHT%2FAGSB5Q855QM0KgDQP3Uj65Q4JjaQ3nMFWCgH%2B%2BMF3p4xHg8sOgHlTTxhOfnCMn00GBDoBeeCCoTlgZIKAV3kDN9PBZOsEEwUAeblAeDyQMsFAEFQnNDmWBl6wwEwC8OJD8YATwEADbwKw4BB5W%2FOCgGoMCF5YDdIAENBZYcAeAYAGSmBDwQYEKh2IMEq3j7wIEIQR94MQIEMYl6nrBn2MCBAICoLQeHtAgQwCJhUv2HtAgQAKUPrzhK7QIEIYuEkwIEMQZFYcN4KBAAQP15wDAgQDEJMB%2FnAgQmMS8L%2BvWDgQCFJgl%2FXlBQIAD%2FCHkiBAgANIvC0oHAQIEIQrKKUFjC8opQQIEACJiRw%2BmENJG7AgQAMPAgQIAP%2F2Q%3D%3D&hash=7859731d356ad0dd88b0e41d29b7479b

@eva2000 I was also able to break a Centminmod forum page by pasting one of the embedded images into an old post of mine. Any ideas as to what might be going on?

 

[TPerry]

@DeltaHF, try playing with your large_client_header_buffers.
http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers
I think what you are getting is a 400 error in your log
This is a sample from mine when I try that URL on it

64.188.254.247 - - [18/Mar/2016:18:26:12 -0500] "-" 400 0 "-" "-"

The second part may be due to your client_max_body_size and possibly client_body_buffer_size.

These settings are found in /usr/local/nginx/nginx.conf.

It may also be the client_header_buffer_size

 

[eva2000]

@eva2000 I was also able to break a Centminmod forum page by pasting one of the embedded images into an old post of mine. Any ideas as to what might be going on?

problem for my forums at least is the default nginx HTTP/2 max field and header size limits have been hit. Strange if Xenforo.com forum's using Nginx with HTTP/2 then maybe they have raised that limit ?

error.log with info verbosity

grep -v 'ngx_pagespeed' error.log | tail -20

2016/03/20 06:20:19 [info] 6155#6155: *3 client timed out (110: Connection timed out) while waiting for request, IP, server: 0.0.0.0:443
2016/03/20 06:20:21 [info] 6156#6156: *16 client exceeded http2_max_field_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
2016/03/20 06:20:22 [info] 6155#6155: *20 client exceeded http2_max_field_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
2016/03/20 06:20:24 [info] 6155#6155: *15 client timed out (110: Connection timed out) while SSL handshaking, client: IP, server: 0.0.0.0:443
2016/03/20 06:20:45 [info] 6157#6157: *42 client closed connection while SSL handshaking, client: IP, server: 0.0.0.0:443
2016/03/20 06:20:46 [info] 6155#6155: *43 client IP closed keepalive connection
2016/03/20 06:26:30 [info] 9020#9020: *11 client exceeded http2_max_header_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
2016/03/20 06:26:31 [info] 9020#9020: *40 client exceeded http2_max_header_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
2016/03/20 06:26:38 [info] 9019#9019: *46 client exceeded http2_max_header_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443

defaults for http2_max_field_size and http2_max_header_size limits are 4k and 16k respectively. For my forums probably due to the additionally added headers i.e. HTTP Public Key Pinning and security headers, that might have pushed the base64 encoded external proxy image requests over the limits. Fails nicely now on my forums with these settings in my HTTP/2 nginx vhost config file

# http/2 settings http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_field_size
http2_max_field_size 16k;
http2_max_header_size 32k;