I configured X-Forwarded-For insertion via an Action-List. I also configured persistence rebalance to be sure that the header is inserted in every HTTP 1.1 request (and not only in the first request of the TCP connection).
However, in some cases, the ACE doesn't insert the X-Forwarded-For header into the request:
- A TCP connection is set up, an HTTP 1.1 request is done. The X-Forwarded-For header is correctly inserted.
- A few HTTP 1.1 requests are done over the existing TCP connection, the X-Forwarded-For header is inserted as expected.
- Some more HTTP 1.1 requests are done over the existing TCP connection, the X-Forwarded-For header isn't inserted any more.
I configured the maximal header length to 2048 bytes. According to my network analyzer (traces taken after the ACE), the HTTP header never exceeded 2048 bytes; the maximum I saw was about 1700 bytes.
I also want to mention that this configuration is used in combination with SSL termination.
I was thinking about the way the max-parse-length buffer is used. Is this a circular buffer, or are all headers within a TCP connection added up and put into the buffer?
I am using an ACE10 blade with release A2 (1.5a).
parameter-map type http PERSISTENCE.REBALANCE-PRM
  header modify per-request
  set header-maxparse-length 2048
Frames 4907 + 4908 are a GET with a size of 1460 + 719 = 2159 bytes.
This is higher than your max parselen.
All requests after this one in the same connection do not have the x-forwarded-for header.
I would have to verify the code, but it seems like once we hit the max parselen error for a connection, we stop inspecting that connection. Even for new requests.
I would suggest increasing your max parselen to 3000 bytes.
You can check whether you had a parse-length error with:
show np [1|2] me-stats "-shttp"
AceC6k2/MinK# show np 1 me-stats "-shttp -v" | i arse
Parse result LB msgs sent: 0 0
Parse result Inspect msgs sent: 0 0
Static parse errors: 0 0
Max parselen errors: 0 0
Also, be aware that static parse errors will stop the "persistent rebalance" function.
The max-parselen will be used to set the size of the buffer that will be used to store the HTTP headers.
We can store only up to the max-parse length. If we do not find what we are looking for and have not enough space to store the complete header, we report a max parselen error.
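The check described in the reply can be run over a trace taken after the ACE. The following is an added example, not part of the original thread and not Cisco code: it splits one reassembled client-to-server stream into its keep-alive requests, measures each header block, and reports the first request over the limit and any request missing X-Forwarded-For that the limit does not explain. It assumes the limit applies to the header block from the request line through the blank line; the function names and the sample stream are constructed.

```python
import re

MAX_PARSE_LEN = 2048  # header-maxparse-length from the parameter-map in the question

def split_requests(stream: bytes):
    """Yield the header block of each HTTP/1.1 request in one reassembled
    client-to-server stream (a single keep-alive TCP connection)."""
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # trailing request is incomplete in the capture
        head = stream[pos:end + 4]
        m = re.search(rb"(?im)^content-length:[ \t]*(\d+)", head)
        yield head
        pos = end + 4 + (int(m.group(1)) if m else 0)  # skip any request body

def audit_connection(stream: bytes, limit: int = MAX_PARSE_LEN):
    """Return (rows, first_over, unexplained).
    rows: per-request header size and whether X-Forwarded-For is present.
    first_over: index of the first request whose header exceeds the limit.
    unexplained: requests missing the header before any oversized request."""
    rows, first_over = [], None
    for i, head in enumerate(split_requests(stream)):
        has_xff = re.search(rb"(?im)^x-forwarded-for:", head) is not None
        if first_over is None and len(head) > limit:
            first_over = i
        rows.append({"index": i, "header_bytes": len(head), "xff": has_xff})
    unexplained = [r["index"] for r in rows
                   if not r["xff"] and (first_over is None or r["index"] < first_over)]
    return rows, first_over, unexplained

def _req(path, pad=0, xff=True):
    """Build a constructed sample request (not taken from the thread's trace)."""
    lines = [f"GET {path} HTTP/1.1", "Host: app.example"]
    if pad:
        lines.append("Cookie: " + "a" * pad)
    if xff:
        lines.append("X-Forwarded-For: 192.0.2.10")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

# Constructed stream: two normal requests, one oversized, one normal afterwards.
SAMPLE = (_req("/a") + _req("/b") +
          _req("/big", pad=2100, xff=False) + _req("/c", xff=False))

if __name__ == "__main__":
    rows, first_over, unexplained = audit_connection(SAMPLE)
    for r in rows:
        print(r)
    print("first oversized request:", first_over, "unexplained:", unexplained)
```

A non-empty `unexplained` list means the header went missing before any request exceeded the limit, so the parse-length error alone does not account for it.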