Maximum header size restricted to 4096 bytes #518
Comments
Hello @kusold, thank you for reporting this issue. I'm wondering what is that header holding more than 4096 bytes sent to Authelia? Is it supposed to be delivered to Authelia somehow? Regarding your question about fasthttp, I had to make a choice at some point and I wanted Authelia to handle a high throughput and reduce the price of the hop to the minimum. But I'm open to change my mind if I see any valid reason to rollback.
The header is a large JWT token that needs to get passed to a backend service (kibana in this particular case) for authorization purposes. I currently have the service setup with a bypass rule in Authelia, but it still is subject to the header size limit.
Ok so right now this header should simply be stripped because it is not supposed to be sent to Authelia. However, it could definitely be a problem when OAuth2 is implemented. I will keep this use case in mind for the future. Please strip the header and let us know if everything works for you in v4 or if you need more assistance.
@kusold have you had any luck with this?
@nightah I downgraded to v3, because it doesn’t have a header size limit. The main bottleneck is that because Traefik sends every request through Authelia, there isn’t a way to strip the header for Authelia but preserve it for the receiving service.
@kusold if you're still interested in solving this, mind testing it for me? I think I have a fix sorted out. If you're using docker, the image will be tagged You will need to add read_buffer_size: to your configuration.
ping @kusold would be great to get your feedback on this so that we can close this issue off.
@kusold, I'm closing this off in the interim. We will leave the Feel free to ping either of us when/if you get a chance and we can re-open this issue and look to hopefully get that change merged in.
@kusold this may be able to be solved by a configuration change with Traefik in the next release. See traefik/traefik#7226
i'm having the same issue, but for nginx |
Configure the buffers: https://www.authelia.com/configuration/miscellaneous/server/ |
sadly, that documentation was unhelpful, the page you linked to basically just said "you should change them" and the link for the actual page on buffers was confusing. i couldn't solve this issue so, apologies but i've moved on
I have an application that uses a large header size, but fasthttp limits the size of the header by default.
Authelia should be able to pass through configurations to fasthttp:
https://godoc.org/github.com/valyala/fasthttp#Server
authelia/internal/server/server.go
Lines 106 to 107 in 3fb84fa
Alternatively: Is there a reason to use fasthttp? What was net/http not able to provide?

I downgraded to v3, and validated that my setup works. This is a regression in v4.
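A sizing check for the situation reported above, as an added example that is not Authelia's or fasthttp's code: it serialises a request with Go's standard library, measures the request line plus headers, and compares the result with the 4096-byte limit from the issue title, so a read buffer is raised only as far as the real traffic needs. The hostname, path, token lengths and helper names are constructed for illustration; measure the request your proxy actually forwards, including any headers it adds.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// defaultLimit is the 4096-byte header limit reported in this issue.
const defaultLimit = 4096

// headerBlockSize returns the on-the-wire size of the request line plus
// headers, including the blank line that terminates them.
func headerBlockSize(req *http.Request) (int, error) {
	var buf bytes.Buffer
	if err := req.Write(&buf); err != nil {
		return 0, err
	}
	end := bytes.Index(buf.Bytes(), []byte("\r\n\r\n"))
	if end < 0 {
		return 0, errors.New("header terminator not found")
	}
	return end + 4, nil
}

// requiredBuffer rounds size up to the next multiple of defaultLimit.
func requiredBuffer(size int) int {
	return (size + defaultLimit - 1) / defaultLimit * defaultLimit
}

// sampleRequest builds a constructed request carrying a bearer token of
// tokenLen bytes (hypothetical host and path, not taken from the issue).
func sampleRequest(tokenLen int) (*http.Request, error) {
	req, err := http.NewRequest("GET", "https://kibana.example.com/app/home", nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+strings.Repeat("A", tokenLen))
	return req, nil
}

func main() {
	for _, n := range []int{200, 6000} {
		req, _ := sampleRequest(n)
		size, _ := headerBlockSize(req)
		fmt.Printf("token=%d header_block=%d fits_default=%t buffer=%d\n",
			n, size, size <= defaultLimit, requiredBuffer(size))
	}
}
```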