MaxHeaderSize for Access Gateway (2024)

book

Article ID: 8032

calendar_today

Updated On:

CA Gateway is bundled with Tomcat and Apache Web Server. The Http Connector is not used between Tomcat and Apache, instead the AJP Connector is used. "maxHttpHeaderSize" is an valid attribute in the HTTP Connector, but not the AJP Connector.

The AJP Protocol is "Packet Oriented". There is no 'maxHttpHeaderSize' in the AJP protocol. Instead the AJP protocol is simply using the 'max_packet_size'. 'max_packet_size'doesn't limit an aspect of the packet, such as the HTTP Header. It is the entire packet. When large HTTP headers are involved, the entire packet size exceeds the default limit.

worker.ajp13.max_packet_size needs to be increased

1) Logon to the CA Gateway host

2) Browse to the 'Server.conf' File

-> Default Path:

Windows: C:\Program Files\CA\secure-proxy\proxy-engine\conf\server.conf

UNIX: <Install_Dir>/CA/secure-proxy/proxy-engine/conf/server.conf

3) Locate the following section:

#'max_packet_size': This attribute sets the maximum AJP packet size in Bytes. The maximum value is 65536.

#This same value will be used as 'packetSize' attribute for AJP connector on the Tomcat side.

worker.ajp13.max_packet_size=16384

4) Modify the 'max_packet_size' value to accommodate the total size of the packets with the additional Header Data.

NOTE:The maximum value is 65536

5) Restart the CA Gateway server (Tomcat)

###### REFERENCE ######

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/access-gateway-configuration/configure-the-tomcat-settings-manually.html

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html

https://stackoverflow.com/questions/6837505/setting-max-http-header-size-with-ajp-tomcat-6-0