Re: Request Entity Too Large with mod_jk and SSL Client Certs

Tue, 04 Apr 2006 10:41:31 -0700 

Bill Barker wrote:
"Seth Milder" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] 


Hi list,

I am seeing this in the logs when posting to a particular URL:

[Mon Apr 03 14:52:06 2006] [13089:15648] [debug]
ajp_get_endpoint::jk_ajp_common.c (2131): acquired connection cache slot=0
[Mon Apr 03 14:52:06 2006] [13089:15648] [error]
ajp_marshal_into_msgb::jk_ajp_common.c (490): failed appending the SSL
certificates
[Mon Apr 03 14:52:06 2006] [13089:15648] [info]
ajp_service::jk_ajp_common.c (1662): Creating AJP message failed,
without recovery
[Mon Apr 03 14:52:06 2006] [13089:15648] [debug]
ajp_done::jk_ajp_common.c (2074): recycling connection cache slot=0 for
worker ajp13
[Mon Apr 03 14:52:06 2006] [13089:15648] [info]  jk_handler::mod_jk.c
(1978): Aborting connection for worker=ajp13


It is then I receive the apache error about the "Request Entity Too
Large." Interestingly enough, this only occurs with Firefox and not
MSIE. Is there a setting for this somewhere?





Probably not.  The problem is that AJP/1.3 only allows a maximum of 8Kb to 
be sent in a given packet.  For the Request packet this has to include all 
of the Request headers, as well as the SSL variables.  I'm guessing (since 
you say you are doing a POST), that the referer URL is very long, and that 
FireFox is adding just a bit more than MSIE to push it over the edge.



If it's possible for you to hack your copy of the mod_jk code, then putting 
something like:

    jk_dump_buff(l, __FILE__, __LINE__, "ajp_marshal_into_msgb",
                         JK_LOG_LEVEL_TRACE, "ssl_cert", msg);


at line 490 of jk_ajp_common.c, and configuring your log-level to trace will 
give you the info to see what is wrong.  And feel free to post the results 
to the list:  Myself and at least a couple of other people can parse what 
the data in an AJP/1.3 message is.





Thanks for your help. It turns out that the referer for this page is 
indeed HUGE! I turned off referer sending in Firefox and this "fixed" 
it. I will talk to my vendor about using POST instead of GET. Maybe this 
will fix it!



Best,

Seth

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]















    











					Reply via email to