Hi everyone, I have a specific problem and I want to know if you already see that and if you have a solution. I need to do HTTP POST on a reverse proxy. But I have sometimes the following return : 413 Request Entity Too Large All works fine directly on the serveur. But when I do the HTTP POST on the URL (so the traffic pass by the F5 BIG IP), I have the HTTP error. The file does 10Mo. Thanks a lot in advance. Best regards, Agathe

Hi, ASM is installed but not used. There is not a lot of thing about the configuration. The BIG IP is used as a reverse proxy. I don't touch a lot to the configuration of profil (http profil, ssl client/server profile,...). I try to double the SSL buffer size but no change. Thanks. Agathe

ok guys I have the anwser, on apache server there exist SSLRenegBufferSize parameter https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslrenegbuffersize When you have F5 configured as SSL bridging by default it renegotiates SSL in serverssl profile, which could cause the error in apache ssl.log AH02018: request body exceeds maximum size (131072) for SSL buffer.There are 3 possible fixes for it:1. Turn off renegotiation in server SSL profile.2. Change SSLRenegBufferSize to higher on Apache server3. Change Renegotiate size in serverssl profile the same as ApacheWhat I tried was increasing the SSLRenegBufferSize parameter in Apache, but there are several solutions provided by F5 support.

Do you have ASM configured? Anything else you can supply about your configuration?

OK, you could look at the Enforcement area of the http profile and try to increase some of the numbers (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-12-1-0/2.htmlunique_1171962380). Have you done a tcpdump to be certain that this is being sent by the BIG-IP?

Yes I already test some of these parameters. With the tcpdump, I see the trafic with a "Encrypted Alert" but I don't find the cause and how to solve this. I activate the HTTP analytic too and I just see the HTTP response "413 Request Entity Too Large". I am not sure that the problem is the BIG IP. It could be the server but directly, it's working. So it may be a problem on the server with the SSL offload, the HTTP request, ... I don't really know. Thanks. Agathe

HTTP 413 error | DevCentral

20 Replies

Rahul_Mishra
Nimbostratus
Mar 12, 2025
I am facing the same issue. Traffic is reaching the Virtual Server (VS) with a pool attached to the actual backend server. The application is working fine, but when trying to upload a 4MB file, I receive the error:

"Request Entity Too Large – The requested resource does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit."
Troubleshooting steps attempted:
Disabled renegotiation in the server SSL profile.
Disabled renegotiation in both client and server SSL profiles.
Attached HTTP profiles (LAN Optimized, WAN Optimized).
Applied HTTP Compression, Web Acceleration, and HTTP/2 profiles.
Changed protocol to TCP and UDP.
Captured a TCP dump, and no RST packets were found, but I observed an "Encrypted Alert."
Any suggestions for further troubleshooting?
- Marvin
  Cirrocumulus
  Mar 12, 2025
  My answer is in one of the replies here, if you use apache check the renegotiate buffersize.
Rahul_Mishra
Nimbostratus
Mar 12, 2025
I am facing the same issue. Traffic is reaching the Virtual Server (VS) with a pool attached to the actual backend server. The application is working fine, but when trying to upload a 4MB file, I receive the error:

"Request Entity Too Large – The requested resource does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit."
Troubleshooting steps attempted:
Disabled renegotiation in the server SSL profile.
Disabled renegotiation in both client and server SSL profiles.
Attached HTTP profiles (LAN Optimized, WAN Optimized).
Applied HTTP Compression, Web Acceleration, and HTTP/2 profiles.
Changed protocol to TCP and UDP.
Captured a TCP dump, and no RST packets were found, but I observed an "Encrypted Alert."
Any suggestions for further troubleshooting?
Marvin
Cirrocumulus
Aug 08, 2022
So after analysis with F5 support and case was escalated and their statement was "Likely the problem is there because when the configures VS to re-encrypt traffic (clientssl and serverssl profiles attached), the SSL handshake is slightly different than when fastL4 is used and this is expected"
So guess what i forward traffic on port 80 and it works no issues with bigger file uploads, only when enabling SSL this occurs. Looking still for the root cause here.
- boneyard
  MVP
  Aug 09, 2022
  if you are already in contact with F5 support let them come up with the root cause, they are best suited to investigate things like this.
  
  if they don't want to and have a valid reason, you seem quite close with a root cause then capture the traffic and look for the differences.
  - Marvin
    Cirrocumulus
    Aug 18, 2022
    ok guys I have the anwser, on apache server there exist SSLRenegBufferSize parameter https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslrenegbuffersize
    When you have F5 configured as SSL bridging by default it renegotiates SSL in serverssl profile, which could cause the error in apache ssl.log AH02018: request body exceeds maximum size (131072) for SSL buffer.
    There are 3 possible fixes for it:
    1. Turn off renegotiation in server SSL profile.
    2. Change SSLRenegBufferSize to higher on Apache server
    3. Change Renegotiate size in serverssl profile the same as Apache
    What I tried was increasing the SSLRenegBufferSize parameter in Apache, but there are several solutions provided by F5 support.
Marvin
Cirrocumulus
Aug 03, 2022
what i can add to this is that when the virtual server is configured in Performance layer 4 it works correctly when applying http profile this unexpected 413 HTTP response code is seen
- boneyard
  MVP
  Aug 03, 2022
  keep in mind you are responding to a question from 2018 with different people and different situations.
  
  it might be wiser to start a new question and give all the details specific for your situation.
Marvin
Cirrocumulus
Jul 29, 2022
same issue here any news from someone directly to server the API POST call works and via F5 we get 413 from server, trying to decrypt traffic but I only see the clientside traffic decrypted not the serverside, probably F5 inserts some more headers maybe just assuming.
Mohit_Rathee
Nimbostratus
Sep 21, 2021
I am facing the same issue , whenever uploading the document we encounter 413 error , uploading directly to server there is no issue.
Any update on the solution.
- PeteWhite
  Employee
  Sep 21, 2021
  Do you have ASM configured? If so, increase the file size limit
  - Mohit_Rathee
    Nimbostratus
    Sep 22, 2021
    No, ASM is not configured , we are using LTM only.
    When we configured SSL Pass through in LTM it works but when SSL Bridging is used then issue arises,
    Some issue with SSL connection establishment between LTM and the server.
    413 Error is not send by F5 rather by server when SSL negotiation fails between the two.
youssef1
Cumulonimbus
Aug 31, 2018
Hi,

I think that your problem come from your backend, 413 errors occur when the request body is larger than the server is configured to allow. Here’s how you can fix it, depending on your web server:

Apache: Set the LimitRequestBody directive in either your httpd.conf file or a local .htaccess file:

(https://stackoverflow.com/a/3719358/1688568)

Nginx: Set the client_max_body_size directive in nginx.conf:

(http://www.cyberciti.biz/faq/linux-unix-bsd-nginx-413-request-entity-too-large/)

IIS: Set the uploadreadaheadsize config setting:

(http://blogs.msdn.com/b/jiruss/archive/2007/04/13/http-413-request-entity-too-large-can-t-upload-large-files-using-iis6.aspx)

Keep me in touch.

regards,
PeteWhite
Employee
Aug 30, 2018
OK, I would suggest that you do some logging via iRules to see when it is happening and where the error is coming from. It seems to me that it is coming from the server, I would expect the BIG-IP to reset the connection rather than send the 413 response. You are welcome to PM me an iHealth link if you want me to look at your configuration
Agathe_309970
Altocumulus
Aug 30, 2018
Yes I already test some of these parameters.

With the tcpdump, I see the trafic with a "Encrypted Alert" but I don't find the cause and how to solve this.

I activate the HTTP analytic too and I just see the HTTP response "413 Request Entity Too Large".

I am not sure that the problem is the BIG IP. It could be the server but directly, it's working. So it may be a problem on the server with the SSL offload, the HTTP request, ... I don't really know.

Thanks.

Agathe
PeteWhite
Employee
Aug 30, 2018
OK, you could look at the Enforcement area of the http profile and try to increase some of the numbers (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-12-1-0/2.htmlunique_1171962380).

Have you done a tcpdump to be certain that this is being sent by the BIG-IP?