Forum Discussion
NimbostratusThis site can' be reached error
Hello ,
I just setup a virtual server with an http to https redirection on a BIGIP ver 11.6.0 but when trying to connect via browser I get "This site can't be reached " error. From the log I see messages like this with http header value changing;
HTTP header (34020) exceeded maximum allowed size of 32768 (Client side: vip=/Common/vs_vantage-php7- beta_80 profile=http addr=XX.XX.XX.43 port=80 rtdom_id=0 client_ip=184.75.14.18
Also I ran the following and it seems getting connected:
-sh-4.1$ openssl s_client -showcerts -connect vantage-php7-beta.interactivedata.com:443 CONNECTED(00000003) depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA verify return:1 depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2 verify return:1 depth=0 C = US, ST = Massachusetts, L = Bedford, O = Interactive Data Corporation, CN = *.interactivedata.com
verify return:1
Certificate chain 0 s:/C=US/ST=Massachusetts/L=Bedford/O=Interactive Data Corporation/CN=*.interactivedata.com i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2 -----BEGIN CERTIFICATE----- MIIFZzCCBE+gAwIBAgIMFHeoWRQykn/db9CkMA0GCSqGSIb3DQEBCwUAMGYxCzAJ BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g RzIwHhcNMTYwOTIxMjMyNjAyWhcNMTgwOTIyMjMyNjAyWjB+MQswCQYDVQQGEwJV UzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEQMA4GA1UEBxMHQmVkZm9yZDElMCMG A1UEChMcSW50ZXJhY3RpdmUgRGF0YSBDb3Jwb3JhdGlvbjEeMBwGA1UEAwwVKi5p bnRlcmFjdGl2ZWRhdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-----END CERTIFICATE----- 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2 i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA -----BEGIN CERTIFICATE----- MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-----END CERTIFICATE-----
Server certificate subject=/C=US/ST=Massachusetts/L=Bedford/O=Interactive Data Corporation/CN=*.interactivedata.com
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
No client certificate CA names sent
Server Temp Key: DH, 1024 bits SSL handshake has read 3216 bytes and written 437 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES256-GCM-SHA384 Session-ID: 79057A6B150CDC27482C6FD0E799BBE4A826B3113334F9303B41B21773FB4CD0 Session-ID-ctx: Master-Key: 4C8D65F01D14425F0160ACEB80B49D9767900B26A0214789D3324E2D3E440164437820B9351AE27FF568D7C4D9F63716 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1495570845 Timeout : 300 (sec)
Verify return code: 0 (ok)
read:errno=104 -sh-4.1$
Do you know what setup in LTM I should start looking?
Thanks for the help. Rey
Jad_Tabbara__J1Cirrostratus
Hi Reynaldo,
Check the following parameter in the HTTP Profile :
Maximum header size : This setting specifies the maximum size in bytes that the BIG-IP system allows for all HTTP request headers combined, including the request line. If the combined headers length in bytes in a client request exceeds this value, the system stops parsing the headers and resets the TCP connection. The default value is 32,768 bytes.
Regards