Hi,

ASM is installed but not used.

There is not a lot of thing about the configuration. The BIG IP is used as a reverse proxy. I don't touch a lot to the configuration of profil (http profil, ssl client/server profile,...). I try to double the SSL buffer size but no change.

Thanks.

Agathe

OK, you could look at the Enforcement area of the http profile and try to increase some of the numbers (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-12-1-0/2....).

Have you done a tcpdump to be certain that this is being sent by the BIG-IP?

Yes I already test some of these parameters.

With the tcpdump, I see the trafic with a "Encrypted Alert" but I don't find the cause and how to solve this.

I activate the HTTP analytic too and I just see the HTTP response "413 Request Entity Too Large".

I am not sure that the problem is the BIG IP. It could be the server but directly, it's working. So it may be a problem on the server with the SSL offload, the HTTP request, ... I don't really know.

Thanks.

Agathe

OK, I would suggest that you do some logging via iRules to see when it is happening and where the error is coming from. It seems to me that it is coming from the server, I would expect the BIG-IP to reset the connection rather than send the 413 response. You are welcome to PM me an iHealth link if you want me to look at your configuration

Hi,

I think that your problem come from your backend, 413 errors occur when the request body is larger than the server is configured to allow. Here’s how you can fix it, depending on your web server:

Apache: Set the LimitRequestBody directive in either your httpd.conf file or a local .htaccess file:

(https://stackoverflow.com/a/3719358/1688568)

Nginx: Set the client_max_body_size directive in nginx.conf:

(http://www.cyberciti.biz/faq/linux-unix-bsd-nginx-413-request-entity-too-large/)

IIS: Set the uploadreadaheadsize config setting:

(http://blogs.msdn.com/b/jiruss/archive/2007/04/13/http-413-request-entity-too-large-can-t-upload-lar...)

Keep me in touch.

regards,

I am facing the same issue , whenever uploading the document we encounter 413 error , uploading directly to server there is no issue.

Any update on the solution.

same issue here any news from someone directly to server the API POST call works and via F5 we get 413 from server, trying to decrypt traffic but I only see the clientside traffic decrypted not the serverside, probably F5 inserts some more headers maybe just assuming.

what i can add to this is that when the virtual server is configured in Performance layer 4 it works correctly when applying http profile this unexpected 413 HTTP response code is seen

So after analysis with F5 support and case was escalated and their statement was "Likely the problem is there because when the configures VS to re-encrypt traffic (clientssl and serverssl profiles attached), the SSL handshake is slightly different than when fastL4 is used and this is expected"

So guess what i forward traffic on port 80 and it works no issues with bigger file uploads, only when enabling SSL this occurs. Looking still for the root cause here.