413 Request too large when proxying via Cloudflare Zero Trust

[fmcglinn]

There seems to be a limit to the length of the headers, this request is total HTTP payload of 318 bytes, so not excessively large. This is easy to replicate as this is via a default install with Cloudflare tunnel + Zero Trust.

App Version: 2.3.3
Firmware: 2.2.0 (1)
Hardware Version: 3.2 - DC

Host: opensprinkler.xxx.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,en-NZ;q=0.7
Cache-Control: max-age=0
Cdn-Loop: cloudflare
Cf-Access-Authenticated-User-Email: xxx@xxx.xxx
Cf-Access-Jwt-Assertion: xxxxx
Cf-Connecting-Ip: 2406:xxxx
Cf-Ipcountry: AU
Cf-Ray: xxxx-SYD
Cf-Visitor: {"scheme":"https"}
Cf-Warp-Tag-Id: xxxx
Connection: keep-alive
Cookie: CF_AppSession=xxxx; CF_Authorization=xxxx
Dnt: 1
Referer: https://xxxx.cloudflareaccess.com/
Sec-Ch-Ua: "Google Chrome";v="119", "Chromium";v="119", "Not?A_Brand";v="24"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 2406:xxxx
X-Forwarded-Proto: https

HTTP/1.1 413 Request too large

The request was too large```

[yeltnar]

I'm not one of the developers, but If you delete headers going from Cloudflare to the destination address, does it work?

I was not using Cloudflare, but this solved my proxy issue.

[fmcglinn]

Yep - stripping all headers in nginx before proxying it locally fixed it:

    listen 80;
    server_name opensprinkler.xxx.xxx;

    location / {
        proxy_pass http://10.x.x.x;
        proxy_pass_request_headers off;
        }
}