MaxHeaderSize for Access Gateway

Document ID : KB000008032
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Groups are being pulled into the HTTP Header. There are a large number of groups causing the HTTP Header to be very Large. The CA Gateway server is failing to process the requests.

Environment:
CA Gateway ServeR: r12.7 CA Gateway OS: ANY CA Policy Server: r12.7 CA Policy Server OS: ANY
Cause:

CA Gateway is bundled with Tomcat and Apache Web Server. The Http Connector is not used between Tomcat and Apache, instead the AJP Connector is used. "maxHttpHeaderSize" is an valid attribute in the HTTP Connector, but not the AJP Connector. 

The AJP Protocol is "Packet Oriented". There is no 'maxHttpHeaderSize' in the AJP protocol. Instead  the AJP protocol is simply using the 'max_packet_size'. 'max_packet_size' doesn't limit an aspect of the packet, such as the HTTP Header. It is the entire packet. When large HTTP headers are involved, the entire packet size exceeds the default limit.

Resolution:

worker.ajp13.max_packet_size needs to be increased 

1) Logon to the CA Gateway host 

2) Browse to the 'Server.conf' File 

 

-> Default Path: 

Windows: C:\Program Files\CA\secure-proxy\proxy-engine\conf\server.conf 

UNIX: <Install_Dir>/CA/secure-proxy/proxy-engine/conf/server.conf 

 

3) Locate the following section: 

 

#'max_packet_size': This attribute sets the maximum AJP packet size in Bytes. The maximum value is 65536. 

#This same value will be used as 'packetSize' attribute for AJP connector on the Tomcat side. 

worker.ajp13.max_packet_size=16384 

 

4) Modify the 'max_packet_size' value to accommodate the total size of the packets with the additional Header Data. 

NOTE: The maximum value is 65536

5) Restart the CA Gateway server (Tomcat) 

 

Additional Information:

###### REFERENCE ###### 

https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/ca-access-gateway-management/configure-the-tomcat-settings-manually 

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html 

https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html 

https://stackoverflow.com/questions/6837505/setting-max-http-header-size-with-ajp-tomcat-6-0