For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mauricio_Garant's avatar
Mauricio_Garant
Icon for Nimbostratus rankNimbostratus
Feb 07, 2015

HTTP header (3XXXX) exceeded maximum allowed size of 3XXXX - Irule Problem

Hello Friends

I'm having these errors about "HTTP Header Exceeded maximmum allowed size":

Feb 6 15:49:59 BOGEAWF5LTMP01 err tmm[11181]: 011f0005:3: HTTP header (36400) exceeded maximum allowed size of 36000 (Client side: vip=/Common/VS_PX_IGUANA profile=http pool=/Common/Proxy_Pool client_ip=10.162.153.36) Feb 6 15:50:02 BOGEAWF5LTMP01 err tmm[11181]: 011f0005:3: HTTP header (36400) exceeded maximum allowed size of 36000 (Client side: vip=/Common/VS_PX_IGUANA profile=http pool=/Common/Proxy_Pool client_ip=10.162.153.36) Feb 6 15:50:06 BOGEAWF5LTMP01 err tmm1[11181]: 011f0005:3: HTTP header (36400) exceeded maximum allowed size of 36000 (Client side: vip=/Common/VS_PX_IGUANA profile=http pool=/Common/Proxy_Pool client_ip=10.162.153.36)

I did search info about that error, and i found an Irule in this Link: https://devcentral.f5.com/questions/http-profile-maximum-header-size

The Irule is following:

    when HTTP_REQUEST {

     Check the total HTTP headers size
if {[string length [HTTP::request]] > 10000 }{

     Check if the URI is very long
    if {[string length [HTTP::uri]] > 1000}{

        log local0. "Uri is long. Length [string length [HTTP::uri]], URI: [HTTP::uri]"

         Exit this event from this iRule
        return
    }

     Loop through the headers by name
    foreach header {[HTTP::header names]} { 

         Check for a long header value
        if {[string length [HTTP::header value $header]] > 1000 } { 
            log local0. "Header is long. Header Name: $header,\
                Length: [string length [HTTP::header value $header]], Value: [HTTP::header value $header]" 
             Exit this event from this iRule
            return
        }
    }

     If we are still here the request was large, but not the URI or any single header.
     Log the first 1k bytes of the full request
    log local0. "Request is long: [HTTP::request]"
}
    }

I used this irule to log the header values, but this irule affects the HTTPS connections that not terminating in the F5. I am balancing two Bluecoat Proxies but the SSL interception is being done in the Proxies directly. You can help me with a modification from this irule to avoid this behavior?

application delivery
devops
iRules
LTM

2 Replies