"Error: Input line too long" when adding more tenants to Tenant Restriction policy
Article ID: 381538
Updated On: 11-13-2024
Products
Issue/Introduction
When adding more headers to EdgeSWG Policies to restrict Office 365 Access via Controlling Office 365 access using tenant restrictions on Edge SWG (ProxySG) using TRv1, you encounter the following error:
% Load failed with error(s)Error: Input line too longcentral:20: set(request.x_header.RestError: Expecting a valid action identifier, or an end to the current action definition: ''central:20: set(request.x_header.Rest
Environment
Edge SWG (ProxySG) with Office 365 Tenant Restriction policies
Cause
There is an 8 KB string length limitation on HTTP headers in EdgeSWG.
Resolution
Suppose you have existing "TenantHeader" Object that you have in your existing policy to restrict Tenants such as:
define action TenantHeaders
set(request.x_header.Restrict-Access-To-Tenants, "sub_domain_1.onmicrosoft.com, ........, sub_domain_250.onmicrosoft.com")
end action TenantHeaders
You can create another policy object called "MoreTenantHeaders" to append additional headers to the "TenantHeaders" Object like this:
define action MoreTenantHeaders append(request.x_header.Restrict-Access-To-Tenants, "sub_domain_300.onmicrosoft.com, ........,sub_domain_340.onmicrosoft.com")end action MoreTenantHeaders
When calling the objects in a policy rule, ensure that the new "MoreTenantHeaders" object comes before the original object on the policy rule line:
<Proxy>condition=TenantRestrictionDestinations action.MoreTenantHeaders(yes) action.TenantHeaders(yes)Additional Information
Feedback
