How to fix 400 Bad Request: Request Header or Cookie too Large with Nginx

|

|

The post provides solutions to the ‘Nginx 400 Bad Request Header or Cookies Too Large’ error. Suggested actions include adjusting Nginx’s buffer size to accommodate large cookies, amending the server configuration file about large client header buffers, and removing proxy_set_header from the proxy configuration block. If these steps fail, it recommends clearing browser cookies and…

This article describes steps to resolve the Nginx 400 Bad Request Header or Cookies error.

I run some of my websites via Nginx HTTP servers, and some of my Nginx configurations are configured for different environments. So, when I got this error message (400 Bad Request: Request Header or Cookie Too Large) while working on one of my servers, I quickly researched and resolved it.

If you are in a similar situation, follow the steps below to resolve it quickly.

Oh, by the way, this could also be your browser is sending a huge cookie, and the server is refusing to serve the page. In addition, a browser sending large cookies could also be an Nginx configuration issue, and adjusting Nginx’s buffer size to accommodate large cookies could help.

If you don’t want to clear or reset your browser cookies, follow the steps below to adjust the Nginx configuration to allow large cookies.

When you see this error message, it means a header or some of the headers sent to Nginx are too large and well over the configuration limit, and Nginx rejects them. To get it resolved, follow the steps below:

Oh, so you know, Nginx’s default buffer number and size are 4 and 8k, respectively.

So you’ll get that error message if a header size is above the limit above.

Next, on the Nginx HTTP server, open the server configuration file.

sudo nano /etc/nginx/sites-available/example.com.conf

The location of your server configuration file may differ from the above. When the file opens, add this line of configuration and save.

server {
    # .
    large_client_header_buffers 4 16k;
    # .
}

Save the file and exit.

The Nginx states that the line is only valid in HTTP or server contexts. So make sure you add the configuration line or context. After that, restart or reload the Nginx server.

sudo systemctl reload nginx.service

Test again, and the error should be gone.

If you still get the error after restarting, bump the number to 4 and 32k. Then restart the Nginx server.

Another thing to look at is if you’re running an Nginx proxy with proxy_set_header config, you should remove that line from your proxy configuration block.

For example, remove the line below from your proxy configuration block if you have it configured, then save and restart Nginx.

proxy_set_header Host app.example.com;

These steps above should get you back to a functioning site.

If all the steps above don’t work, other issues may be in play there. First, please clear your browser’s cookies and maybe reset them by deleting all stored data. Then, hopefully, it should work.

Like this:



8 responses to “How to fix 400 Bad Request: Request Header or Cookie too Large with Nginx”

  1. Pete Avatar
    Pete

    Why remove proxy_set_header Host? Don’t just remove stuff you don’t understand?

    1. Reza Avatar
      Reza

      Request Header Or Cookie Too Large

  2. MOOLESH Avatar
    MOOLESH

    VERY NICE

  3. Random Avatar
    Random

    am sorry but please stop showing that

  4. Milton Inguane Avatar
    Milton Inguane

    Very good

  5. zayan Avatar
    zayan

    Why it is no working

  6. Robert Stumpe Avatar
    Robert Stumpe

    why remove proxy_set_header Host ?
    some sites will stop working
    SMH

  7. Andrei Avatar
    Andrei

    horrible idea to remove the Host header, you probably saw that here https://stackoverflow.com/questions/17524396/400-bad-request-request-header-or-cookie-too-large and thought it was a good idea for some reason. you’re also suggesting to “bump 4 to 32k” but that’s also incorrect if you go over syntax, it should be doubling 16k to 32k not bumping the number of buffers.. avoid the changes suggested here, go read over the docs instead.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.