Follow-up to the 64k bump: raised bot-block-proxy large_client_header_buffers to 256k and corrected the rationale.

Investigation found the *binding* limit for browsers is Traefik's HTTP/2 header cap (~64KB, Go maxHeaderListSize, not exposed by Traefik config) — oversized authentik_proxy_* cookie piles are rejected at the h2 layer upstream of bot-block regardless of these buffers. The real fix for >64KB piles is reducing authentik_proxy_* cookie accumulation (or clearing cookies); these buffers only prevent bot-block being a tighter bottleneck for sub-64KB piles + HTTP/1.1 clients.

[ci skip]

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

| Name |
|---|
| .. |
| modules/traefik |
| main.tf |
| secrets |
| terragrunt.hcl |