Hello team,
I am trying to block uploads when they reach 10 seconds.
I tried many directives, just like this:
+++++++++++++
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto HTTPS;
    proxy_set_header Host $host;
    proxy_pass https://10.0.1.48:443;
    keepalive_timeout 10;
    proxy_read_timeout 10s;
    proxy_connect_timeout 10s;
    proxy_send_timeout 10s;
    send_timeout 10s;
    keepalive_time 10s;
    client_body_timeout 10s;
}
But none of these options seem to work, as in my logs, I'm still seeing my uploads exceeding 10 seconds:
++++++++++
********* - - [28/Jul/2023:15:22:03 +0200] "POST /api/knowledge-base/media/e9702102-f1ec-458c-8b49-6b3394bee29a HTTP/1.1" 201 775 "https://**********/knowledge-base/upload/?sortBy=name&sortDirection=asc&unit=19647654-acc7-493c-9b0f-d17f4542f339" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" T="32.099" P="6967" XF="-"
++++++++++
I could not find any other directive to limit times for my upload request.
Is there another right way to do it?
Thanks,
Laurent
Hello!
On Fri, Jul 28, 2023 at 01:57:56PM +0000, Crosnier, Laurent via nginx wrote:
> Hello team,
>
> I am trying to block uploads when they reach 10 seconds.
> I tried many directives, just like this:
>
> +++++++++++++
>
> location / {
>     proxy_set_header X-Real-IP $remote_addr;
>     proxy_set_header X-Forwarded-For $remote_addr;
>     proxy_set_header X-Forwarded-Proto HTTPS;
>     proxy_set_header Host $host;
>     proxy_pass https://10.0.1.48:443;
>     keepalive_timeout 10;
>     proxy_read_timeout 10s;
>     proxy_connect_timeout 10s;
>     proxy_send_timeout 10s;
>     send_timeout 10s;
>     keepalive_time 10s;
>     client_body_timeout 10s;
> }
>
> But none of these options seem to work, as in my logs, I'm still seeing my uploads exceeding 10 seconds:
>
> ++++++++++
> ********* - - [28/Jul/2023:15:22:03 +0200] "POST /api/knowledge-base/media/e9702102-f1ec-458c-8b49-6b3394bee29a HTTP/1.1" 201 775 "https://**********/knowledge-base/upload/?sortBy=name&sortDirection=asc&unit=19647654-acc7-493c-9b0f-d17f4542f339" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" T="32.099" P="6967" XF="-"
> ++++++++++
>
> I could not find any other directive to limit times for my upload request.
> Is there another right way to do it?
For client request body, the only available timeout option is
client_body_timeout, which defines a timeout between two read
operations, but not a total upload time (see
http://nginx.org/r/client_body_timeout for details). It can be
accompanied by limit_conn (http://nginx.org/r/limit_conn) to limit
the total number of connections from each client.
If you want something more sophisticated, an option to consider
might be "proxy_request_buffering off;" and appropriate limits on
the backend side (see https://nginx.org/r/proxy_request_buffering
for details). This might not be a good solution though, since in
most cases keeping connections on nginx side is way cheaper than
passing them to backends.
--
Maxim Dounin
http://mdounin.ru/
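
Added example (not part of the original thread, and not nginx code): a small Python model of the distinction drawn in the reply above, showing why a 10s per-read timeout lets a 32s upload through and what a total deadline enforced on the backend side would do instead. The function name `receive_body`, its parameters, and the sample uploads are hypothetical and constructed for illustration; time is simulated, so it runs instantly.

```python
"""Per-read idle timeout vs. total upload deadline (illustrative model)."""
from typing import Iterable, Optional, Tuple

Event = Tuple[float, bytes]  # (seconds since the previous read, data received)


def receive_body(chunks: Iterable[Event],
                 idle_timeout: float,
                 total_deadline: Optional[float] = None) -> Tuple[str, float, int]:
    """Consume body chunks on a simulated clock.

    idle_timeout models client_body_timeout: the timer restarts on every read.
    total_deadline is a wall-clock cap on the whole upload, which a backend
    would have to enforce itself (hypothetical parameter).
    Returns (outcome, elapsed_seconds, bytes_received).
    """
    elapsed = 0.0
    received = 0
    for gap, data in chunks:
        left = None if total_deadline is None else total_deadline - elapsed
        # The idle timer fires first if the client stalls longer than
        # idle_timeout and the total deadline is not due before that.
        if gap > idle_timeout and (left is None or idle_timeout <= left):
            return ("idle_timeout", elapsed + idle_timeout, received)
        # Otherwise the total deadline may expire while waiting for this chunk.
        if left is not None and gap > left:
            return ("total_deadline", total_deadline, received)
        elapsed += gap
        received += len(data)
    return ("complete", elapsed, received)


# Constructed sample: 8 chunks of 1 KiB, one every 4 seconds (32 s in total).
SLOW_UPLOAD = [(4.0, b"x" * 1024)] * 8
# Constructed sample: the client goes silent for 11 seconds after one byte.
STALLED_UPLOAD = [(4.0, b"x"), (11.0, b"y")]

if __name__ == "__main__":
    # Only the idle timeout: every gap is under 10 s, so the upload completes.
    print(receive_body(SLOW_UPLOAD, idle_timeout=10.0))
    # With a 10 s total deadline the same upload is cut off after two chunks.
    print(receive_body(SLOW_UPLOAD, idle_timeout=10.0, total_deadline=10.0))
    # The idle timeout only triggers when a single gap exceeds it.
    print(receive_body(STALLED_UPLOAD, idle_timeout=10.0))
```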