cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1141
Views
0
Helpful
3
Replies
Highlighted
Beginner

ACE: parse length-exceed action

Hi,

I've to configure following:

Cisco ACE is dropping the TCP connection between client and Server because the  login HTTP request exceeds a Cisco length limit. The  authentication request sent by the client which includes the Kerberos token is much larger than most HTTP requests.

Setting the Cisco parse length-exceed action to "continue" resolved the issue in the case recorded.

=

where and how do I configure it?

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Enthusiast

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

View solution in original post

3 REPLIES 3
Highlighted
Enthusiast

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

View solution in original post

Highlighted

Hello,

Is there a difference between the command you´re proposing, and this:

parameter-map type http PARAM-SSO

  set header-maxparse-length 8192

  length-exceed continue

Should be the same from how I see it... is it?

Highlighted

There is a small difference.

The default max-parse-length is 2048 bytes, so the snippet presented in the update of 20/04/12 will parse 2048 bytes for whatever it was looking for and then continue with load-balancing. The snippet you propose will parse 8192 bytes and then continue if the object isn't found.

It will make a difference in the case of the URL/Cookie being in bytes 2049-8192 of the header.

HTH

Cathy