API Gateway: Setting a larger size than the default 8 KB for the Max HTTPS Header Size.

book

Article ID: 6973

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

This article will discuss how to set a larger allowed Max Header Size than the default 8 KB. In most cases, 8 KB is more then plenty, but in some circumstances it may be required to increase this limit.

In some cases, you may receive an error such as the following in the SSG logs when the response header size is larger than 8 KB:

com.l7tech.server.message: Message was not processed: Undefined (-1)" along with a java.lang.ArrayIndexOutOfBoundsException exception.

Or you may receive the following response to requests that have a header size larger than 8 KB, which would be a client-seen response and not logged in the SSG logs:

HTTP Error 400 Bad Request

Cause

The underling HTTP engine used by the Gateway has a default header size of 8K, anything over this size will cause these errors for both incoming and outgoing.

Environment

This article applies to all supported API Gateway versions.

Resolution

This value can be increased for a particular listen port by setting an advanced property 'maxHttpHeaderSize' on the listen port. To do this, follow the instructions below:

  1. Open up Policy Manager.
  2. Go to Tasks > Manage Listen Ports.
  3. In the Manage Listen Ports window, select the port you want to change and click the Properties button.

  4. In the Listen Port Properties window, select the Advanced tab, then the Add button to add an advanced property to the port.

  5. In the New Property window, configure it as follows then click the OK button:
    • Property Name: maxHttpHeaderSize
    • Value: 16000
  6. Click the OK button again on the Listen Port Properties window to save the changes to the listen port.
  7. Click the Close button on the Manage Listen Ports window.

After the steps above are completed, the Listen Port Properties (Advanced tab) should look similar to the image below:

Notes:

  • The property to add is on a per-port basis.
  • The property name is case-sensitive.
  • The value for maxHttpHeaderSize noted above is in bytes.
  • The value for maxHttpHeaderSize noted above can be any number you want (in bytes), but should be large enough for the Gateway to accept the request and response header sizes being received.

Additional Information

Please note that our testing in Broadcom does not go to large header sizes, so if you are setting it a lot higher you will need to be careful to run your own load testing to see if there is any negative impact to your environment. If the traffic using header sizes above 8 KB is infrequent then this will likely not be a problem, but we would strongly recommend load testing properly before moving that change to a production environment.

Product documentation on the Listen Port Advanced Properties can be found here: https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/security-configuration-in-policy-manager/tasks-menu-security-options/manage-listen-ports/listen-port-properties.html#concept.dita_b2bd9924f304a78cae8f4dee3631ccb27b5d47cb_ConfiguringtheAdvancedTab