In nginx there is the following directive client_max_body_size:
Sets the maximum allowed size of the client request body, specified in
the “Content-Length” request header field. If the size in a request
exceeds the configured value, the 413 (Request Entity Too Large) error
is returned to the client.
As it says, this is used when Content-Length is provided in the request. I am using nginx as reverse proxy. Unfortunately, my nodejs implementation for a particular URI requires a POST body to be provided with Transfer-Encoding: chunked — it breaks otherwise. I still need to limit the accepted body size to prevent DoS. I'd like nginx to close the connection if too many bytes have been sent in the body.
Does nginx have that functionality? Or would I be better off implementing that on the nodejs server?
Best Answer
Fortunately,
client_max_body_sizeactually does apply toTransfer-Encoding: chunkedrequests. I found this out during testing. The documentation just doesn't mention this.