I have a specific problem and I want to know if you already see that and if you have a solution.
I need to do HTTP POST on a reverse proxy. But I have sometimes the following return : 413 Request Entity Too Large
All works fine directly on the serveur. But when I do the HTTP POST on the URL (so the traffic pass by the F5 BIG IP), I have the HTTP error.
The file does 10Mo.
Thanks a lot in advance.
ASM is installed but not used.
There is not a lot of thing about the configuration. The BIG IP is used as a reverse proxy. I don't touch a lot to the configuration of profil (http profil, ssl client/server profile,...). I try to double the SSL buffer size but no change.
I am also facing the same issue, that your experienced. When doing HTTP post, one of my web application throwing an error : "Request Entity Too Large". Without BIG IP WAF web application working fine, I have already done lot of work around, but no result.
I hope your issue resolved, could you please help me out for this issue??
OK, you could look at the Enforcement area of the http profile and try to increase some of the numbers (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-12-1-0/2....).
Have you done a tcpdump to be certain that this is being sent by the BIG-IP?
Yes I already test some of these parameters.
With the tcpdump, I see the trafic with a "Encrypted Alert" but I don't find the cause and how to solve this.
I activate the HTTP analytic too and I just see the HTTP response "413 Request Entity Too Large".
I am not sure that the problem is the BIG IP. It could be the server but directly, it's working. So it may be a problem on the server with the SSL offload, the HTTP request, ... I don't really know.
OK, I would suggest that you do some logging via iRules to see when it is happening and where the error is coming from. It seems to me that it is coming from the server, I would expect the BIG-IP to reset the connection rather than send the 413 response. You are welcome to PM me an iHealth link if you want me to look at your configuration
I think that your problem come from your backend, 413 errors occur when the request body is larger than the server is configured to allow. Here’s how you can fix it, depending on your web server:
Apache: Set the LimitRequestBody directive in either your httpd.conf file or a local .htaccess file:
Nginx: Set the client_max_body_size directive in nginx.conf:
IIS: Set the uploadreadaheadsize config setting:
Keep me in touch.
No, ASM is not configured , we are using LTM only.
When we configured SSL Pass through in LTM it works but when SSL Bridging is used then issue arises,
Some issue with SSL connection establishment between LTM and the server.
413 Error is not send by F5 rather by server when SSL negotiation fails between the two.
same issue here any news from someone directly to server the API POST call works and via F5 we get 413 from server, trying to decrypt traffic but I only see the clientside traffic decrypted not the serverside, probably F5 inserts some more headers maybe just assuming.
keep in mind you are responding to a question from 2018 with different people and different situations.
it might be wiser to start a new question and give all the details specific for your situation.
So after analysis with F5 support and case was escalated and their statement was "Likely the problem is there because when the configures VS to re-encrypt traffic (clientssl and serverssl profiles attached), the SSL handshake is slightly different than when fastL4 is used and this is expected"
So guess what i forward traffic on port 80 and it works no issues with bigger file uploads, only when enabling SSL this occurs. Looking still for the root cause here.
if you are already in contact with F5 support let them come up with the root cause, they are best suited to investigate things like this.
if they don't want to and have a valid reason, you seem quite close with a root cause then capture the traffic and look for the differences.
ok guys I have the anwser, on apache server there exist SSLRenegBufferSize parameter https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslrenegbuffersize
When you have F5 configured as SSL bridging by default it renegotiates SSL in serverssl profile, which could cause the error in apache ssl.log AH02018: request body exceeds maximum size (131072) for SSL buffer.
There are 3 possible fixes for it:
1. Turn off renegotiation in server SSL profile.
2. Change SSLRenegBufferSize to higher on Apache server
3. Change Renegotiate size in serverssl profile the same as Apache
What I tried was increasing the SSLRenegBufferSize parameter in Apache, but there are several solutions provided by F5 support.