Gateway error when routing request message: "Request too long"
Article ID: 42949
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
- The Layer7 API Gateway has protocols in place to ensure that it does not receive messages from an HTTP POST that are too large or transmit messages that may be too large for an endpoint. It has a hard cap set for the size of an inbound request message of an HTTP POST of 545,269 bytes. Typically, a POST operation should not be this large. In some circumstances, however, an administrator may want to enable the Gateway to allow & process messages that exceed this size coming via way of HTTP POST.
- When an HTTP POST comes through the Gateway and is too large to be routed, the following error logs may be present:
com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion : 4042: Problem routing to http://host.example.com/service Error msg: Request too long (Content-Length = 545,269 bytes)
com.l7tech.server.MessageProcessor : 3016: Request routing failed with status 600 (Assertion Falsified)
com.l7tech.server.message : Message was not processed: Error in Assertion Processing (601)
com.l7tech.server.MessageProcessor : 3016: Request routing failed with status 600 (Assertion Falsified)
com.l7tech.server.message : Message was not processed: Error in Assertion Processing (601)
Environment
All supported versions of the API Gateway
Resolution
- To allow larger HTTP POST request messages, it is necessary to increase the value for the com.l7tech.message.httpParamsMaxFormPost parameter in the system.properties file.
- Log into the Gateway appliance as the ssgconfig user.
- Select Option #3: Use a privileged shell (root).
- Open the following file in a text editor: /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
- Create a new line and paste the following: com.l7tech.message.httpParamsMaxFormPost=2147483647
- This value (2147483647) is the largest accepted input and allows an HTTP POST to be up to 2 GB in size. This is an absolute limit that cannot be exceeded due to the nature of the configuration directive. The configuration directive is a 32-bit integer and as such it cannot exceed the currently specified value.
- Consideration should be taken when setting the value, it ideally would not be much higher than is needed for the request to succeed and this is to lower the risk of abuse by clients. Ensure enough resources (memory and CPU) is assigned to each node depending on the expected traffic for nodes needing to process the large message sizes.
- Save the file and exit.
- Restart the SSG Gateway service: service ssg restart
- This change will need to be incorporated on all nodes in the cluster to ensure that each node has the configuration. Once the change is made and all nodes are restarted, the large message will be accepted.
- If the behaviour continues to be observed after the value has been increased and service restarted, the value set may still be too low. Try increasing it again until the issue goes away. If the value seems far too large for the request coming in via an HTTP POST, a support case should be opened to discuss alternatives.
Additional Information
|
io.httpParamsMaxFormPostBytes
|
Maximum number of bytes to buffer when processing an HTTP form post (application/x-www-form-urlencoded).
Default:
5242880
Technical Note:
The
io.httpParamsMaxFormPostBytes
cluster property replaces the former
com.l7tech.message.httpParamsMaxFormPost
system property.However if the system property is set, it overrides this cluster property. |
Feedback
Yes
No
Powered by
