Wednesday 2 October 2019

F5 BIGIP – HTTP header count exceeded maximum allowed count

Last week we published a new application on our web servers (which are balanced by the F5 BIGIP)
Accessing directly to the servers produced no problem, but when the connection was through the virtual balancing IP of the F5, the application did not work correctly.

Error message

Fortunately, monitoring the LTM module logs of the F5 (/var/log/ltm) while the problem was reproduced showed the following error message:

Solution

It seems pretty clear that it is related to how the HTTP protocol manages.
That is, maybe something could be changed in the HTTP profile.
So, let’s browse to the Profiles  Services section.
By default, when need to assign an http profile to a virtual assign, i use the default “http” profile.
After opening it to check the configured attributes by default, you can realize there is one called “Maximum Header Count”, with value “64”.
A possible solution would be changing that value in the “http” HTTP profile, but this is not a best practice at all because the change would be applied to all Virtual Servers using this profile!
The best way to fix the issue is generating a new http profile using as template this default “http” one, and change the value.
So, after pressing the “New” button, assign a new name (f.e. http_MaxHeaderCount128), parent profile “http” (to create the new profile based on this default one), and increase the value that is causing the issue (f.e. 128).
Once created, open the virtual server with the issue and select the new http profile from the list:
Once applied, test the application again to ensure the problem is solved.

Official article

By searching a bit, there is an official F5 article that also shows the way to correct the problem:https://support.f5.com/csp/article/K14152






No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...