Agathe_309970
Aug 29, 2018

HTTP 413 error

Hi everyone,

I have a specific problem and I want to know if you have already seen this and if you have a solution.

I need to do an HTTP POST on a reverse proxy, but I sometimes get the following response: 413 Request Entity Too Large

Everything works fine directly on the server. But when I do the HTTP POST on the URL (so the traffic passes through the F5 BIG-IP), I get the HTTP error.

The file is 10 MB.

Thanks a lot in advance.

Best regards,

Agathe

 

17 Replies

  • Hi,

    ASM is installed but not used.

    There is not much to say about the configuration. The BIG-IP is used as a reverse proxy. I haven't changed much in the profile configuration (HTTP profile, SSL client/server profile, ...). I tried doubling the SSL buffer size but there was no change.

    Thanks.

    Agathe

    • CHRISTY_THOMAS

      Dear Agathe,

      I am also facing the same issue that you experienced. When doing an HTTP POST, one of my web applications throws an error: "Request Entity Too Large". Without the BIG-IP WAF the web application works fine. I have already tried a lot of workarounds, but with no result.

      I hope your issue is resolved. Could you please help me out with this issue?

      Regards

      Christy Thomas

  • Do you have ASM configured? Anything else you can supply about your configuration?

     

  • Yes, I have already tested some of these parameters.

    With tcpdump, I see the traffic with an "Encrypted Alert" but I can't find the cause or how to solve this.

    I activated HTTP analytics too and I just see the HTTP response "413 Request Entity Too Large".

    I am not sure that the problem is the BIG-IP. It could be the server, but directly it's working. So it may be a problem on the server with the SSL offload, the HTTP request, ... I don't really know.

    Thanks.

    Agathe

  • OK, I would suggest that you do some logging via iRules to see when it is happening and where the error is coming from. It seems to me that it is coming from the server; I would expect the BIG-IP to reset the connection rather than send the 413 response. You are welcome to PM me an iHealth link if you want me to look at your configuration.

     

  • Hi,

    I think that your problem comes from your backend. 413 errors occur when the request body is larger than the server is configured to allow. Here's how you can fix it, depending on your web server:

    Apache: Set the LimitRequestBody directive in either your httpd.conf file or a local .htaccess file:

    (https://stackoverflow.com/a/3719358/1688568)

    Nginx: Set the client_max_body_size directive in nginx.conf:

    (http://www.cyberciti.biz/faq/linux-unix-bsd-nginx-413-request-entity-too-large/)

    IIS: Set the uploadreadaheadsize config setting:

    (http://blogs.msdn.com/b/jiruss/archive/2007/04/13/http-413-request-entity-too-large-can-t-upload-large-files-using-iis6.aspx)

    Keep me posted.

    Regards,

  • I am facing the same issue: whenever we upload the document we encounter a 413 error, while uploading directly to the server there is no issue.

    Any update on the solution?

    • PeteWhite

      Do you have ASM configured? If so, increase the file size limit.

      • Mohit_Rathee

        No, ASM is not configured; we are using LTM only.

        When we configured SSL pass-through in LTM it works, but when SSL bridging is used the issue arises.

        Some issue with SSL connection establishment between LTM and the server.

        The 413 error is not sent by the F5 but rather by the server when SSL negotiation fails between the two.

  • Marvin

    Same issue here, any news from someone? Directly to the server the API POST call works, and via F5 we get a 413 from the server. I am trying to decrypt traffic but I only see the clientside traffic decrypted, not the serverside; probably F5 inserts some more headers, maybe, just assuming.

  • Marvin

    What I can add to this is that when the virtual server is configured as Performance Layer 4 it works correctly; when applying an HTTP profile this unexpected 413 HTTP response code is seen.

    • Keep in mind you are responding to a question from 2018 with different people and different situations.

      It might be wiser to start a new question and give all the details specific to your situation.

  • Marvin

    So after analysis with F5 support the case was escalated, and their statement was "Likely the problem is there because when the configures VS to re-encrypt traffic (clientssl and serverssl profiles attached), the SSL handshake is slightly different than when fastL4 is used and this is expected"

    So guess what: I forward traffic on port 80 and it works, no issues with bigger file uploads; only when enabling SSL does this occur. Still looking for the root cause here.

    • If you are already in contact with F5 support, let them come up with the root cause; they are best suited to investigate things like this.

      If they don't want to and have a valid reason, you seem quite close to a root cause, so capture the traffic and look for the differences.

      • Marvin

        OK guys, I have the answer: on the Apache server there exists the SSLRenegBufferSize parameter https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslrenegbuffersize

        When you have F5 configured for SSL bridging, by default it renegotiates SSL in the serverssl profile, which could cause this error in the Apache ssl.log: AH02018: request body exceeds maximum size (131072) for SSL buffer.

        There are 3 possible fixes for it:
        1. Turn off renegotiation in the server SSL profile.
        2. Change SSLRenegBufferSize to a higher value on the Apache server.
        3. Change the Renegotiate size in the serverssl profile to the same as Apache.

        What I tried was increasing the SSLRenegBufferSize parameter in Apache, but there are several solutions provided by F5 support.
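
A log check for the cause named in the last answer, as an added example that is not part of the original thread: it scans an Apache error log for the AH02018 message, extracts the buffer limit, and marks which hits came from the BIG-IP. The log lines, the addresses and the `proxy_ips` set are constructed assumptions (the BIG-IP is assumed to reach the server from known self IP / SNAT addresses).

```python
import re
from collections import Counter

# Constructed sample in Apache 2.4's default error-log layout (documentation IP ranges).
SAMPLE_LOG = """\
[Wed Aug 29 10:15:02.120331 2018] [ssl:error] [pid 2211:tid 1401] [client 192.0.2.10:41822] AH02018: request body exceeds maximum size (131072) for SSL buffer
[Wed Aug 29 10:16:40.501877 2018] [core:notice] [pid 2200:tid 1399] AH00094: Command line: '/usr/sbin/httpd'
[Wed Aug 29 10:17:11.884120 2018] [ssl:error] [pid 2213:tid 1410] [client 192.0.2.11:50233] AH02018: request body exceeds maximum size (131072) for SSL buffer
[Wed Aug 29 10:18:05.002114 2018] [ssl:error] [pid 2213:tid 1412] [client 198.51.100.7:39001] AH02018: request body exceeds maximum size (131072) for SSL buffer
"""

# Matches the message quoted in the thread; captures timestamp, client address and limit.
AH02018 = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*\[client (?P<ip>[0-9A-Fa-f.:]+):\d+\] "
    r"AH02018: request body exceeds maximum size \((?P<limit>\d+)\) for SSL buffer"
)

def find_reneg_overflows(log_text, proxy_ips):
    """Return one record per AH02018 line. proxy_ips is the (assumed) set of
    BIG-IP addresses that the server sees as the client."""
    hits = []
    for line in log_text.splitlines():
        m = AH02018.search(line)
        if m:
            hits.append({
                "time": m["ts"],
                "client": m["ip"],
                "limit": int(m["limit"]),
                "via_proxy": m["ip"] in proxy_ips,
            })
    return hits

def summarize(hits):
    """Aggregate hits so the logged limit can be compared with the upload size."""
    return {
        "total": len(hits),
        "via_proxy": sum(h["via_proxy"] for h in hits),
        "limits": sorted({h["limit"] for h in hits}),
        "by_client": dict(Counter(h["client"] for h in hits)),
    }

if __name__ == "__main__":
    summary = summarize(find_reneg_overflows(SAMPLE_LOG, {"192.0.2.10", "192.0.2.11"}))
    print(summary)
    upload = 10 * 1024 * 1024  # the 10 MB file from the original question
    for limit in summary["limits"]:
        print(f"limit {limit} bytes; 10 MB upload exceeds it: {upload > limit}")
```

Per the mod_ssl documentation, the request body is held in memory while the renegotiation runs, so a larger SSLRenegBufferSize raises per-request memory use on the Apache side.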