NSX Global Search Fails with '414 Request-URI Too Long' After Upgrade Due to External Apache Proxy Limit
search cancel

NSX Global Search Fails with '414 Request-URI Too Long' After Upgrade Due to External Apache Proxy Limit

book

Article ID: 416024

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • After upgrading NSX from version 4.1.1 to 4.2.1, the global search bar functionality fails to operate.
  • Attempts to use the global search in NSX manager returns a "414 Request-URI Too Long" error.
  • This issue is consistently observed across all login methods (VIP, direct login to manager nodes) and with both AD and admin credentials.
  • The nsxapi.log shows the UI logging the 414 error message, confirming the UI received this specific response:
    <timestamp> INFO http-nio-127.0.0.1-7440-exec-### UI_LOG ### - [nsx@6876 comp="nsx-manager" level="INFO" reqId="######" subcomp="manager" username="####"] {"user":"####","message":{"error_message":"Error: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">n<html><head>n<title>414 Request-URI Too Long</title>n</head><body>n<h1>Request-URI Too Long</h1>n<p>The requested URL's length exceeds the capacitynlimit for this server.<br />n</p>n<p>Additionally, a 400 Bad Requestnerror was encountered while trying to use an ErrorDocument to handle the request.</p>n</body></html>n (Error code: 414)","error_code":414}
  • Internal Envoy logs (envoy_access_log.txt or localhost_access_log.txt) show no entries for the failing search requests, indicating that these requests are not reaching the NSX Manager's internal Envoy proxy

Environment

VMware NSX-T 4.2.1

Cause

The "414 Request-URI Too Long" error is caused by an external Apache proxy/SSL Gateway intercepting and rejecting the search requests. The LimitRequestline directive within the Apache proxy's configuration (apache2.conf) is set to 512 bytes. This limit is insufficient to accommodate the increased length of search query URIs generated by NSX 4.2.1, which are longer than those generated by NSX 4.1.1.

Resolution

To resolve this issue, increase the LimitRequestline value in the apache2.conf configuration file of the external Apache proxy/SSL Gateway to at least 1024 bytes.

Here are the steps to be followed to resolve the issue:

  1. Access the external Apache proxy/SSL Gateway via SSH.
  2. Locate the apache2.conf ( /etc/apache2/apache2.conf) file.
  3. Copy apache2.conf file to /root directory of the Gateway.
  4. Edit the apache2.conf file (in this directory: /etc/apache2/apache2.conf) and change the LimitRequestline directive from 512 to 1024 or higher.
    • Before:
      LimitRequestline 512
    • After:
      LimitRequestline 1024
  5. Save the changes to apache2.conf.
  6. Restart the Apache web server service for the changes to take effect.

Additional Information

Official Apache Document

Powered by Wolken Software