HTTP inspection problem

Answered Question
Feb 16th, 2009

Hi, I have configured IOS Zone Based Firewall on my office 871 router.

I've made an inspection rules for http, https, icmp and dns for in-out zone. Often I can see in router log the message:

%APPFW-3-HTTP_MAX_REQ_EXCEEDED : Number of unanswered HTTP requests exceeded the limit 10.

I guess this is becouse there are about 7 people working simultaneously and some of them use skype, witch probably makes unanswered sessions.

However, i want to ask, is there some way to change the limit of 10 unanswered request?

Thanks in advance!

I have this problem too.
0 votes
Correct Answer by sadsiddi about 7 years 11 months ago

The limit is raised to 64 in 12.4(20)T.You can give a try with that.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
ivillegas Fri, 02/20/2009 - 06:45

This error message means firewall sees 10 outstanding requests without any reply over a single TCP connection. Normally this shouldn't happen unless you have huge delay in the network or the HTTP server is very slow in responding to the request.

zenon_electronics Fri, 02/20/2009 - 08:02

Thanks for reply!

I understand what the error message means, but I don't know how to prevent it.

I'm sure that it's NOT from the network delay or internet connection speed (ADSL - 12Mb/s).

I need to increase the limit number of 10 unopened connections. Is this possible?

Thanks!

zenon_electronics Sat, 02/21/2009 - 04:18

my version of IOS is 12.4(15)T with Advanced Ip services, and i've configured a Zone-Based-Firewall

Correct Answer
sadsiddi Sat, 02/21/2009 - 04:46

The limit is raised to 64 in 12.4(20)T.You can give a try with that.

Henry Gonzales Thu, 02/04/2016 - 09:39

Hi,

I also have the some problem.

I have: c1841-advsecurityk9-mz.124-4.T7.bin - Version 12.4(4)T7

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

I have to upgrade IOS?

Thanks in advance!

Actions

This Discussion