iredmail / dockerized

Official dockerized iRedMail.

Home Page: https://www.iredmail.org/

Unable to login into iRedAdmin when using Cloudflare: invalid request block size

I'm not sure if this project is still alive, judging by the list of (inactive?) issues, but I wanted to try it out for a personal email and found out about this. When using the Cloudflare proxy (and combined with Cloudflare Access), trying to log in to iRedAdmin returns a 502 Bad Gateway page and throws the following error in the logs:

Feb  7 16:05:42 mail iredadmin: [172.17.0.1] GET /iredadmin/login 200 5297 "-"
Feb  7 16:05:43 mail iredadmin: invalid request block size: 4116 (max 4096)...skip

As far as I investigated, this seems to be because of Cloudflare adding extra data to the Cookie header. A workaround such as clearing cookies before logging in can be used, but it is nowhere near ideal. I also put the endpoint behind Cloudflare Access as well, so that might also be adding even more data to the header. The webmail service on the other end works flawlessly.

I'm running the container like this:

$ docker run \
    --rm \
    --name iredmail \
    --env-file iredmail-docker.conf \
    --hostname [redacted] \
    -p 8089:80 \
    -p 9443:443 \
    -p 110:110 \
    -p 995:995 \
    -p 143:143 \
    -p 993:993 \
    -p 25:25 \
    -p 465:465 \
    -p 587:587 \
    -v /iredmail/data/backup-mysql:/var/vmail/backup/mysql \
    -v /iredmail/data/mailboxes:/var/vmail/vmail1 \
    -v /iredmail/data/mlmmj:/var/vmail/mlmmj \
    -v /iredmail/data/mlmmj-archive:/var/vmail/mlmmj-archive \
    -v /iredmail/data/imapsieve_copy:/var/vmail/imapsieve_copy \
    -v /iredmail/data/custom:/opt/iredmail/custom \
    -v /iredmail/data/ssl:/opt/iredmail/ssl \
    -v /iredmail/data/mysql:/var/lib/mysql \
    -v /iredmail/data/clamav:/var/lib/clamav \
    -v /iredmail/data/sa_rules:/var/lib/spamassassin \
    -v /iredmail/data/postfix_queue:/var/spool/postfix \
    iredmail/mariadb:stable

I also tried to run it with the iredmail/mariadb:nightly image to see if that would work, however, it threw some MySQL Permission denied errors and then exited.

Note: You will NOT be able to reproduce this issue instantly. You will probably need to log in (to both iRedAdmin and the Roundcube webmail), do some things and log out before being able to reproduce it. You could also try to create a large cookie manually. Some of the cookies I had were:

  • iRedAdmin-MYSQL
  • CF_AppSession
  • CF_Authorization (by far the largest one)
  • roundcube_sessid
  • roundcube_sessauth

/opt/www/iredadmin/rc_scripts/uwsgi/*.ini should have a bigger value for the "buffer-size =" parameter. For example:
https://github.com/iredmail/iRedAdmin/blob/master/rc_scripts/uwsgi/debian.ini#L7

What would be the best way of changing this?

As a temporary solution, you can add a shell command in /opt/iredmail/custom/iredadmin/custom.sh to modify this file.
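
One way to do what the last reply suggests, as an added example that is not iRedMail's own code: a script for /opt/iredmail/custom/iredadmin/custom.sh that idempotently raises buffer-size in the uWSGI ini files. The value 16384, the function name set_buffer_size and the BUFFER_SIZE/INI_GLOB variables are assumptions; uWSGI's default is 4096 and it accepts up to 65535.

```shell
#!/bin/sh
# Added example (not iRedMail project code). Meant for
# /opt/iredmail/custom/iredadmin/custom.sh, the hook named in the reply above.

# Assumed value: 16384 bytes. uWSGI's default is 4096 and its maximum is 65535.
BUFFER_SIZE="${BUFFER_SIZE:-16384}"
# Path taken from the issue; overridable for testing.
INI_GLOB="${INI_GLOB:-/opt/www/iredadmin/rc_scripts/uwsgi/*.ini}"

# set_buffer_size FILE SIZE
# Idempotently sets "buffer-size = SIZE" in the [uwsgi] section of FILE.
set_buffer_size() {
    file="$1"
    size="$2"
    # Accept only a plain integer of at most five digits, within uWSGI's range.
    case "$size" in
        ''|*[!0-9]*|??????*) echo "invalid buffer-size: $size" >&2; return 1 ;;
    esac
    if [ "$size" -lt 4096 ] || [ "$size" -gt 65535 ]; then
        echo "buffer-size out of range (4096-65535): $size" >&2
        return 1
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    tmp="$(mktemp)" || return 1
    # Drop any existing buffer-size line, then write the new one directly
    # under the [uwsgi] header. Exit 2 if the file has no [uwsgi] section.
    if awk -v size="$size" '
        /^[ \t]*buffer-size[ \t]*=/ { next }
        { print }
        /^\[uwsgi\][ \t]*$/ && !done { print "buffer-size = " size; done = 1 }
        END { if (!done) exit 2 }
    ' "$file" > "$tmp"; then
        # Overwrite in place so ownership and mode of the ini file are kept.
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "no [uwsgi] section in $file, left unchanged" >&2
        return 1
    fi
}

# Apply to every uWSGI ini shipped with iRedAdmin (no-op if none match).
for f in $INI_GLOB; do
    [ -f "$f" ] || continue
    set_buffer_size "$f" "$BUFFER_SIZE"
done
```

The new value takes effect when uWSGI next starts. Keep it only as large as the Cookie headers in front of iRedAdmin require, since it is the per-request limit on header data the server will accept.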