cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1473
Views
0
Helpful
3
Replies

ACE: parse length-exceed action

gavin han
Level 1
Level 1

Hi,

I've to configure following:

Cisco ACE is dropping the TCP connection between client and Server because the  login HTTP request exceeds a Cisco length limit. The  authentication request sent by the client which includes the Kerberos token is much larger than most HTTP requests.

Setting the Cisco parse length-exceed action to "continue" resolved the issue in the case recorded.

=

where and how do I configure it?

Thanks in advance.

1 Accepted Solution

Accepted Solutions

ciscocsoc
Level 4
Level 4

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

View solution in original post

3 Replies 3

ciscocsoc
Level 4
Level 4

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

Hello,

Is there a difference between the command you´re proposing, and this:

parameter-map type http PARAM-SSO

  set header-maxparse-length 8192

  length-exceed continue

Should be the same from how I see it... is it?

There is a small difference.

The default max-parse-length is 2048 bytes, so the snippet presented in the update of 20/04/12 will parse 2048 bytes for whatever it was looking for and then continue with load-balancing. The snippet you propose will parse 8192 bytes and then continue if the object isn't found.

It will make a difference in the case of the URL/Cookie being in bytes 2049-8192 of the header.

HTH

Cathy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: