6 Replies Latest reply on Jun 22, 2016 9:59 AM by fdlprod

Large HTTP request headers

edwinb1 Feb 10, 2012 4:57 PM

Greetings, oh ye Mod_Clusters masters!

Our 'mod_cluster 1.1.0-Final' rig is configured to support SSO by way of SiteMinder, which has been working very well. We recently onboarded an application which started exhibiting errors like the following ...

[Fri Jan 13 22:08:21 2012] [error] ajp_msg_append_cvt_string(): BufferOverflowException 4 7524

[Fri Jan 13 22:08:21 2012] [error] ajp_marshal_into_msgb: Error appending the header value

[Fri Jan 13 22:08:21 2012] [error] ajp_send_header: ajp_marshal_into_msgb failed

[Fri Jan 13 22:08:21 2012] [error] (120001)APR does not understand this error code: proxy: AJP: request failed to aaa.bb.c.ddd:eeeee (aaa.bb.c.ddd)

This symptom prevented application requests from completing, but What was ununsual was that only a subset of users were affected. We soon found out that the affected users' requests carried an unusually large payload (>8KB) due to large header values that were being inject by SiteMinder. Switching to HTTP-connector yielded a similar error, so it's not necessarily an AJP fault. We've seen positive results when increasing request buffers sizes on HTTPD and Tomcat sides, but I'd like to understand the nature of this symptom.

We found some useful information on the AJP front here ..

http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html

... but is this a general request processing bug in between HTTPD and Tomcat regardless of protocol for which the only answer is to increase buffer sizes?

Many thanks,

Edwin

1. Re: Large HTTP request headers

jfclere Feb 13, 2012 4:18 AM (in response to edwinb1)

ProxyIOBufferSize httpd directive is the only way to have bigger buffer that fits to your big headers,
1 of 1 people found this helpful
Actions
2. Re: Large HTTP request headers

edwinb1 Feb 13, 2012 10:50 AM (in response to jfclere)

Thank you for your reply. Is there any guidance for a maximum buffer size?

Also, is there any outlook for a longer term solution? I ask this question while not knowing which component owns the limiting factor.

Regards,
Edwin
Actions
3. Re: Large HTTP request headers

jfclere Feb 14, 2012 11:50 AM (in response to edwinb1)

That is a protocol limitation.
Actions
4. Re: Large HTTP request headers

fdlprod Jun 20, 2016 5:53 AM (in response to jfclere)

HI,

unfortunately i am in WILDFLY 9.02 and mod cluster, due to kerberos large header i have the same problem but when i put this ProxyIOBufferSize 16000 for example my application is not more accessible, if i put imitRequestFieldSize 16000 i have the precedent problem...
have you a solution ?

mod cluster and mod_proxy_ajp
Actions
5. Re: Large HTTP request headers

jfclere Jun 21, 2016 11:41 AM (in response to fdlprod)

Try using mod_proxy_http instead.
Actions
6. Re: Large HTTP request headers

fdlprod Jun 22, 2016 9:59 AM (in response to jfclere)

Hi,

thank you with http connector it is not simply as mentioned because we have to add some directive in httpd like ProxyPreserveHost,

i mange to make it work with 2 directives :

LimitRequestFieldSize 16384
ProxyIOBufferSize 16384

it must be a 1024 multiple and at top level in conf file (not in virtualhost)

and if in active directory there is more than 1000 group we have to change the MaxPageSize for ldap retrieving, it is working like a charm
Actions

Go to original post