Hi Ed,
The HTTP profiles have a "Maximum Header Size" option, which specifies the maximum amount of HTTP header data that the system buffers before making a load balancing decision. So generally, this is just a cosmetic issue.
If you want to find out which request or response header is greater than the max, you can use an iRule. But it will require looping through every header in every request (and/or response) so you should remove the rule as soon as you find the header(s).
Based on http://devcentral.f5.com/wiki/default.aspx/iRules/LogHttpHeaders.html
when HTTP_REQUEST {
Loop through each header by name
foreach aHeader [HTTP::header names] {
Check if the length of the header value is greater than 32k
if {[string length [HTTP::header value $aHeader]] > 32768}{
Log details for the request
log local0. "[IP::client_addr]:[TCP::client_port] (UA: [HTTP::header "User-Agent"] -> [HTTP::host][HTTP::uri],\
$aHeader ([string length [HTTP::header value $aHeader]]): [HTTP::header value $aHeader]"
}
}
}
If this doesn't match any headers, it might be because the long header value is in the response. If that's the case, you could use something like this:
when HTTP_RESPONSE {
Loop through each header by name
foreach aHeader [HTTP::header names] {
Check if the length of the header value is greater than 32k
if {[string length [HTTP::header value $aHeader]] > 32768}{
Log details for the response
log local0. "[IP::client_addr]:[TCP::client_port]: $aHeader \
([string length [HTTP::header value $aHeader]]): [HTTP::header value $aHeader]"
}
}
}
Note that many request variables aren't available in the HTTP_RESPONSE event. So if you wanted to log the User-Agent header value or other request characteristics, you'd need to save them on every request and then log them in the responses which contain the long header values.
Aaron