cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP 413 error

Agathe_309970
Altocumulus
Altocumulus

Hi everyone,

 

I have a specific problem and I want to know if you already see that and if you have a solution.

 

I need to do HTTP POST on a reverse proxy. But I have sometimes the following return : 413 Request Entity Too Large

 

All works fine directly on the serveur. But when I do the HTTP POST on the URL (so the traffic pass by the F5 BIG IP), I have the HTTP error.

 

The file does 10Mo.

 

Thanks a lot in advance.

 

Best regards,

 

Agathe

 

17 REPLIES 17

PeteWhite
F5 Employee
F5 Employee

Do you have ASM configured? Anything else you can supply about your configuration?

 

Agathe_309970
Altocumulus
Altocumulus

Hi,

 

ASM is installed but not used.

 

There is not a lot of thing about the configuration. The BIG IP is used as a reverse proxy. I don't touch a lot to the configuration of profil (http profil, ssl client/server profile,...). I try to double the SSL buffer size but no change.

 

Thanks.

 

Agathe

 

Dear Agathe,

 

I am also facing the same issue, that your experienced. When doing HTTP post, one of my web application throwing an error : "Request Entity Too Large". Without BIG IP WAF web application working fine, I have already done lot of work around, but no result.

 

I hope your issue resolved, could you please help me out for this issue??

 

Regards

 

Christy Thomas

PeteWhite
F5 Employee
F5 Employee

OK, you could look at the Enforcement area of the http profile and try to increase some of the numbers (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-12-1-0/2....).

 

Have you done a tcpdump to be certain that this is being sent by the BIG-IP?

 

Agathe_309970
Altocumulus
Altocumulus

Yes I already test some of these parameters.

 

With the tcpdump, I see the trafic with a "Encrypted Alert" but I don't find the cause and how to solve this.

 

I activate the HTTP analytic too and I just see the HTTP response "413 Request Entity Too Large".

 

I am not sure that the problem is the BIG IP. It could be the server but directly, it's working. So it may be a problem on the server with the SSL offload, the HTTP request, ... I don't really know.

 

Thanks.

 

Agathe

 

PeteWhite
F5 Employee
F5 Employee

OK, I would suggest that you do some logging via iRules to see when it is happening and where the error is coming from. It seems to me that it is coming from the server, I would expect the BIG-IP to reset the connection rather than send the 413 response. You are welcome to PM me an iHealth link if you want me to look at your configuration

 

youssef1
Cumulonimbus
Cumulonimbus

Hi,

 

I think that your problem come from your backend, 413 errors occur when the request body is larger than the server is configured to allow. Here’s how you can fix it, depending on your web server:

 

Apache: Set the LimitRequestBody directive in either your httpd.conf file or a local .htaccess file:

 

(https://stackoverflow.com/a/3719358/1688568)

 

Nginx: Set the client_max_body_size directive in nginx.conf:

 

(http://www.cyberciti.biz/faq/linux-unix-bsd-nginx-413-request-entity-too-large/)

 

IIS: Set the uploadreadaheadsize config setting:

 

(http://blogs.msdn.com/b/jiruss/archive/2007/04/13/http-413-request-entity-too-large-can-t-upload-lar...)

 

Keep me in touch.

 

regards,

 

Mohit_Rathee
Nimbostratus
Nimbostratus

I am facing the same issue , whenever uploading the document we encounter 413 error , uploading directly to server there is no issue.

Any update on the solution.

 

Do you have ASM configured? If so, increase the file size limit

No, ASM is not configured , we are using LTM only.

When we configured SSL Pass through in LTM it works but when SSL Bridging is used then issue arises,

Some issue with SSL connection establishment between LTM and the server.

413 Error is not send by F5 rather by server when SSL negotiation fails between the two.

Marvin
Cirrostratus
Cirrostratus

same issue here any news from someone directly to server the API POST call works and via F5 we get 413 from server, trying to decrypt traffic but I only see the clientside traffic decrypted not the serverside, probably F5 inserts some more headers maybe just assuming.

Marvin
Cirrostratus
Cirrostratus

what i can add to this is that when the virtual server is configured in Performance layer 4 it works correctly when applying http profile this unexpected 413 HTTP response code is seen

keep in mind you are responding to a question from 2018 with different people and different situations.

it might be wiser to start a new question and give all the details specific for your situation.

Marvin
Cirrostratus
Cirrostratus

So after analysis with F5 support and case was escalated and their statement was "Likely the problem is there because when the configures VS to re-encrypt traffic (clientssl and serverssl profiles attached), the SSL handshake is slightly different than when fastL4 is used and this is expected"

So guess what i forward traffic on port 80 and it works no issues with bigger file uploads, only when enabling SSL this occurs. Looking still for the root cause here.

if you are already in contact with F5 support let them come up with the root cause, they are best suited to investigate things like this.

if they don't want to and have a valid reason, you seem quite close with a root cause then capture the traffic and look for the differences.

ok guys I have the anwser, on apache server there exist SSLRenegBufferSize parameter https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslrenegbuffersize 

When you have F5 configured as SSL bridging by default it renegotiates SSL in serverssl profile, which could cause the error in apache ssl.log AH02018: request body exceeds maximum size (131072) for SSL buffer.

There are 3 possible fixes for it:
1. Turn off renegotiation in server SSL profile.
2. Change SSLRenegBufferSize to higher on Apache server
3. Change Renegotiate size in serverssl profile the same as Apache

What I tried was increasing the SSLRenegBufferSize parameter in Apache, but there are several solutions provided by F5 support.

thank you very much for replying with the answer.