
XF 1.5 Embedded Base64 Images Causing Some Problems

Discussion in 'Troubleshooting and Problems' started by DeltaHF, Mar 17, 2016.

  1. DeltaHF

    DeltaHF Well-Known Member

    For some reason, several of my users have been trying to directly embed Base-64 encoded images into their posts. The XF image proxy attempts to process them, but it fails, breaking many other resources on the thread page including smilies, avatars, even stylesheets (they show an ERR_CONNECTION_RESET in the Chrome dev console).

    When I've tried this in the test forum here, the image proxy appears to fail gracefully and display the software's regular broken image placeholder.

    Why does my site behave differently? I'm using XF 1.5.6, PHP-FPM 5.6.18, Nginx 1.9.11, with PHP GD set as the default image processor.
     
  2. Mike

    Mike XenForo Developer Staff Member

    It's very difficult to say. That's an invalid URL, so there shouldn't be any work/fetching going on in the proxy. Can you show a demo in your situation?
     
  3. DeltaHF

    DeltaHF Well-Known Member

    Yes, here's a direct link to one of the aforementioned posts. The embedded images are broken along with many others on the page. Refresh it a few times and even the stylesheets will break - I didn't notice any consistency as to what failed.

    Here's the raw version of that post (I wasn't able to try those exact images here because of the 1,000 character limit).
     
  4. DeltaHF

    DeltaHF Well-Known Member

    OK, so I just did another test on my site with a shorter base64 embed (the same one I used in the test forum here), and it failed gracefully...

    Could there be some type of bug which causes the image proxy to fail if the encoded string is too long? I have a high character limit for my posts, so it will accept very long encoded strings for the image in the post's text.
     
  5. Mike

    Mike XenForo Developer Staff Member

    This is actually happening independent of XF. You can trigger it by just sending a long URL to Nginx. For example:

    Code:
    https://www.gtplanet.net/?x=[long URL-encoded base64 image data omitted]&hash=7859731d356ad0dd88b0e41d29b7479b
    Is there an error in your Nginx logs about this? It could be a specific issue with your setup/Nginx configuration. Are you doing any extra proxying for example?
     
  6. DeltaHF

    DeltaHF Well-Known Member

    Ah, very interesting, great catch. I see that reports ERR_CONNECTION_CLOSED other than ERR_CONNECTION_RESET, though I'm not sure what the difference is.

    I don't see anything in my Nginx error logs, but I agree it's something to do with its config. I'm using @eva2000's Centminmod, and sure enough, it returns the same error if you try to load that URL on his domain:

    Code:
    https://community.centminmod.com/?x=[long URL-encoded base64 image data omitted]&hash=7859731d356ad0dd88b0e41d29b7479b
    @eva2000 I was also able to break a Centminmod forum page by pasting one of the embedded images into an old post of mine. Any ideas as to what might be going on?
     
  7. Tracy Perry

    Tracy Perry Well-Known Member

    @DeltaHF, try playing with your large_client_header_buffers.
    http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers
    I think what you are getting is a 400 error in your log.
    This is a sample from mine when I try that URL on it:
    Code:
    64.188.254.247 - - [18/Mar/2016:18:26:12 -0500] "-" 400 0 "-" "-"
    The second part may be due to your client_max_body_size and possibly client_body_buffer_size.

    These settings are found in /usr/local/nginx/nginx.conf.

    It may also be the client_header_buffer_size
     
    Last edited: Mar 18, 2016
    DeltaHF likes this.
  8. eva2000

    eva2000 Well-Known Member

    The problem for my forums at least is that the default nginx HTTP/2 max field and header size limits have been hit. Strange; if the XenForo.com forum is using Nginx with HTTP/2, then maybe they have raised that limit?

    error.log with info verbosity
    Code:
    grep -v 'ngx_pagespeed' error.log | tail -20
    Code:
    2016/03/20 06:20:19 [info] 6155#6155: *3 client timed out (110: Connection timed out) while waiting for request, IP, server: 0.0.0.0:443
    2016/03/20 06:20:21 [info] 6156#6156: *16 client exceeded http2_max_field_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
    2016/03/20 06:20:22 [info] 6155#6155: *20 client exceeded http2_max_field_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
    2016/03/20 06:20:24 [info] 6155#6155: *15 client timed out (110: Connection timed out) while SSL handshaking, client: IP, server: 0.0.0.0:443
    2016/03/20 06:20:45 [info] 6157#6157: *42 client closed connection while SSL handshaking, client: IP, server: 0.0.0.0:443
    2016/03/20 06:20:46 [info] 6155#6155: *43 client IP closed keepalive connection
    2016/03/20 06:26:30 [info] 9020#9020: *11 client exceeded http2_max_header_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
    2016/03/20 06:26:31 [info] 9020#9020: *40 client exceeded http2_max_header_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
    2016/03/20 06:26:38 [info] 9019#9019: *46 client exceeded http2_max_header_size limit while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443
    Defaults for the http2_max_field_size and http2_max_header_size limits are 4k and 16k respectively. For my forums, it is probably due to the additionally added headers, i.e. HTTP Public Key Pinning and security headers, that might have pushed the base64 encoded external proxy image requests over the limits. It fails nicely now on my forums with these settings in my HTTP/2 nginx vhost config file:
    Code:
    # http/2 settings http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_field_size
    http2_max_field_size 16k;
    http2_max_header_size 32k;
     
    DeltaHF and Sunka like this.
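An added example (not code from the thread or from XenForo): a Python check that estimates the length of the image-proxy request for every [IMG] tag in a post and compares it with the nginx limits named in the posts above, so oversized data: URIs can be flagged before a page links them. The `/proxy.php?image=…&hash=…` layout, the function names and the zero-byte sample images are assumptions, and the raw path length only approximates the HTTP/2 field size because HPACK can compress it.

```python
import base64
import re
from urllib.parse import quote

# nginx limits named in the thread, in bytes, smallest first. The two http2_*
# defaults are the ones quoted in the last post; 8k is the documented default
# buffer size of large_client_header_buffers (HTTP/1.x request line).
LIMITS = {
    "http2_max_field_size": 4 * 1024,
    "large_client_header_buffers": 8 * 1024,
    "http2_max_header_size": 16 * 1024,
}

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def proxy_path(image_url, hash_hex="0" * 32):
    """Request path the browser would send for a proxied image.

    Assumption: the link is /proxy.php?image=<percent-encoded URL>&hash=<32 hex>.
    """
    return "/proxy.php?image=" + quote(image_url, safe="") + "&hash=" + hash_hex


def audit_post(bbcode):
    """Return one finding per [img] tag: data URI or not, path size, limits exceeded."""
    findings = []
    for match in IMG_TAG.finditer(bbcode):
        url = match.group(1).strip()
        size = len(proxy_path(url))
        findings.append({
            "is_data_uri": url.lower().startswith("data:"),
            "path_bytes": size,
            "exceeded": [name for name, limit in LIMITS.items() if size > limit],
        })
    return findings


def sample_data_uri(n_bytes):
    """Constructed sample: a data URI wrapping n_bytes zero bytes (not a real image)."""
    payload = base64.b64encode(b"\x00" * n_bytes).decode("ascii")
    return "data:image/jpeg;base64," + payload


if __name__ == "__main__":
    post = (
        "[IMG]https://example.com/a.png[/IMG]\n"
        "[IMG]" + sample_data_uri(675) + "[/IMG]\n"
        "[IMG]" + sample_data_uri(4500) + "[/IMG]\n"
        "[IMG]" + sample_data_uri(13500) + "[/IMG]"
    )
    for finding in audit_post(post):
        print(finding)
```

The 675-byte sample stays under every limit, which matches the short embed that failed gracefully, while the larger samples cross the 4k field limit and then the 8k and 16k limits.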
