From 350179fc891abc44a269bd3099968beacdb17137 Mon Sep 17 00:00:00 2001
From: Dave <12233528+kawaiipantsu@users.noreply.github.com>
Date: Thu, 23 Feb 2023 16:51:42 +0100
Subject: [PATCH] Added detailed comment

Added a detailed comment on what the change is needed for and why it's there
---
 docker/nginx/dist/conf/tpotweb.conf | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docker/nginx/dist/conf/tpotweb.conf b/docker/nginx/dist/conf/tpotweb.conf
index 384fe6ea..24e346ab 100644
--- a/docker/nginx/dist/conf/tpotweb.conf
+++ b/docker/nginx/dist/conf/tpotweb.conf
@@ -47,9 +47,12 @@ server {
     client_header_buffer_size 1k;
     client_max_body_size 2M;
     
-    ### Changed from OWASP defaults
-    ### To suit Kibana (long ajax uris) breaking 1024
-    ### Still keeping it very true to 1k
+    ### Changed from OWASP recommendations: "2 1k" to "2 1280" (So 1.2k)
+    ### When you pass though potentially another reverse proxy/load balancer
+    ### in front of tpotce you can introduce more headers than normal and
+    ### therefore you can exceed the allowed header buffer of 1k.
+    ### An 280 extra bytes seems to be working for most use-cases.
+    ### And still keeping it close to OWASP's recommendation.
     large_client_header_buffers 2 1280;
 
     ### Mitigate Slow HHTP DoS Attack