client sent invalid header line in Nginx

client sent http/1.1 request without host header while reading client request headers
ignore invalid header nginx
nginx forward headers
nginx headers
nginx scheme
nginx remote_addr
nginx alias
nginx location

in Nginx error log file , getting error as

client sent invalid header line: "LocalDBUser_CREATE|USERNAME: User1" while reading client request headers

How to fix this issue.

My Nginx Conf file is

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/;

events {
    worker_connections  1024;
http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
        upstream uic_entry {

 server {
        listen       80;
        underscores_in_headers on;
            large_client_header_buffers 4 16k;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503         http_504;
           proxy_redirect off;
            proxy_buffering off;
           proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-NginX-Proxy true;
             proxy_read_timeout 200;

    location / {
        #root   html;
        #index  index.html index.htm;
        #return 503;
                proxy_pass          http://uic_entry;

Please let me know how to fix the error

I guess, you need directive ignore_invalid_headers off.

Nginx discards invalid headers when ignore_invalid_headers is set , 2019/11/26 02:49:35 [info] 11483#11483: *9 client sent invalid method while reading client request line, client:, server: _,  Leave a comment. Add comments here to get more clarity or context around a question. To answer a question, use the “Answer” field below.

In this case you need: underscores_in_headers on;

Valid names are composed of English letters, digits, hyphens, and possibly underscores

Nginx Error: "client sent invalid method while reading client request , blacklabelops-legacy / nginx · Sign up. Why GitHub? Features → Still getting errors like "client sent invalid header line: "X_FORWARDED_PROTO: http" while reading client request headers" #43. Open. fantamp opened this  Nginx is working as a proxy server, from the browser I want to send few custom headers which should be received and logged by Nginx Proxy but before forwarding request to upstream server those headers should be removed from the request. So upstream server never come to know that there where any custom headers.

i have same problem. you need just remove from config of vhost

proxy_set_header Host $host;

Still getting errors like "client sent invalid header line , 400 Bad Request Client sent invalid request while reading client request line Access-Control-Allow-Headers Origin,X-Requested-With,Content-Type,Accept;  > the logs, it says "client sent invalid header line". > > Why is having a dot in the header name considered invalid? I searched the > relevant RFCs (2616 and 822) and they don't seem to exclude dot. May I know > the reason for nginx to reject headers with dot while other servers like > Apache httpd parse headers with dot just fine. > > Also

716 (400 Bad Request Client sent invalid request while , nginx.1 | 2015/11/11 21:45:40 [info] 21#21: *175 client sent invalid header: "​alexatoolbar-alx_ns_ph" while processing HTTP/2 connection, client:,  the reason for nginx to reject headers with dot while other servers like. Apache httpd parse headers with dot just fine. Also, in the nginx source I noticed a undocumented directive. "ignore_invalid_headers" which is on by default. It when set to off, makes. nginx passes such headers to the upstream server properly.

#831 (Possible incorrect handling of invalid headers with , Using telnet with the one-line GET request (and no host header): client sent invalid request while reading client request line. Random requests  The request in question is invalid, as it contains invalid escape sequence "%H5" in the request line. Quoting RFC3986: Because the percent ("%") character serves as the indicator for percent-encoded octets, it must be percent-encoded as "%25" for that octet to be used as data within a URI.

Securing Nginx proxy, Client may send only one simple header, or many headers with the same name each on its own line, or even one big header split into many lines. It's a kinda  Enables or disables the use of underscores in client request header fields. When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.

  • Add it, or to remove it? It seems that OP needs to allow for invalid headers? it'd be good if you explained that his headers contain an invalid character, and that as long as the application doesn't need that header, OP can make nginx ignore the malformed header...