Name of HTTP response header is too large. HTTP "502" response from proxy.


Article ID: 166733


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


The full exception response is:


Response Error

Server's response could not be processed. Name of HTTP response header is too large
This could be caused by a malformed response, or possibly a misconfiguration.

connection: client.address=192.168.XX.X proxy.port=443 client.interface=1:0.1 routing-domain=default
  location-id=0 access_type=unknown
time: 2019-08-23 17:34:25 UTC
  DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299
user: name="DOMAIN\user_account" realm=AUTH_REALM_NAME_IWA
authentication status='none' authorization status='none'
EXCEPTION(invalid_response): Total length of HTTP response headers exceeded configured limit
  Last Error: Unexpected transaction termination on URL(, client IP(192.168.XX.X), server IP(27.4.X.X): Total length of HTTP response headers exceeded configured limit (100000)
  url.category: [email protected];[email protected];[email protected];[email protected] Coat
    total categorization time: 7
    static categorization time: 7
  server.certficate.hostname.category: [email protected];[email protected];[email protected];[email protected] Coat
    total categorization time: 1
    static categorization time: 1
server.response.code: 301
client.response.code: 502 none
application.operation: none none
DSCP client outbound: 65
DSCP server outbound: 65


The problem here is that the server was sending a response with an individual header name greater than 8kb. This would mean it would not fit in one block. This is hard coded and cannot be changed.

To verify this take a developer tool trace in the browser, save it as a .har file and using application of your choice open it.  Look over the request causing the issue which received the 502.