Issue
Some users may experience HTTP/2 limit errors, such as "http2_server_refused_stream." These errors can be related to the default value of http2_max_concurrent_streams, which is set to 128 by default. The default value might not be suitable for all environments, and increasing it may help resolve the issue.
Environment
- Imunify360-webshield
- HAProxy
Solution
To address HTTP/2 limit errors, you can increase the http2_max_concurrent_streams parameter within the http section using the existing include section in your Imunify360 WebShield configuration /etc/imunify360-webshield/webshield-http.conf.d/ by running the following commands:
echo 'http2_max_concurrent_streams 512;' > /etc/imunify360-webshield/webshield-http.conf.d/http2_max_concurrent_streams.conf echo 'keepalive_requests 5000;' > /etc/imunify360-webshield/webshield-http.conf.d/keepalive_requests.conf
imunify360-webshield -t imunify360-webshield -s reload
Cause
The default values might not suite every environment, if connections originate from one HAProxy IP or via migrated proxy.
Useful links
https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams
Comments
0 comments
Please sign in to leave a comment.