Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE: parse length-exceed action

Hi,

I've to configure following:

Cisco ACE is dropping the TCP connection between client and Server because the  login HTTP request exceeds a Cisco length limit. The  authentication request sent by the client which includes the Kerberos token is much larger than most HTTP requests.

Setting the Cisco parse length-exceed action to "continue" resolved the issue in the case recorded.

=

where and how do I configure it?

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

ACE: parse length-exceed action

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

3 REPLIES
Silver

ACE: parse length-exceed action

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

New Member

ACE: parse length-exceed action

Hello,

Is there a difference between the command you´re proposing, and this:

parameter-map type http PARAM-SSO

  set header-maxparse-length 8192

  length-exceed continue

Should be the same from how I see it... is it?

Silver

ACE: parse length-exceed action

There is a small difference.

The default max-parse-length is 2048 bytes, so the snippet presented in the update of 20/04/12 will parse 2048 bytes for whatever it was looking for and then continue with load-balancing. The snippet you propose will parse 8192 bytes and then continue if the object isn't found.

It will make a difference in the case of the URL/Cookie being in bytes 2049-8192 of the header.

HTH

Cathy

977
Views
0
Helpful
3
Replies