Re: service() failed with http error 413 - error log message from isapi_redirect.log file
On 17.07.2012 06:15, ann ramos wrote: Thanks Tim for your quick reply. I have already increased the max_packet_size to the maximum allowable value way way before and it still comes up: worker.wlb.max_packet_size=65536 You need to increase the size on the Tomcat side to. Just the Request Entity Too Large error is the one that I want to concentrate on at the moment. Can you try using http instead of https? This way we could decide whether it is more likely a problem of forwarding SSL info in the AJP header packet (the 8K resp. 64K thing) or whether some huge header or similar is actually coming from your client. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: service() failed with http error 413 - error log message from isapi_redirect.log file
Yes, I have also increased the one in the server.xml of te tomcat instance. Haven't tried using it as an http just to see if its going to make a difference. I'm going to ask the users. Thanks. On 17/07/2012, at 4:59 PM, Rainer Jung rainer.j...@kippdata.de wrote: On 17.07.2012 06:15, ann ramos wrote: Thanks Tim for your quick reply. I have already increased the max_packet_size to the maximum allowable value way way before and it still comes up: worker.wlb.max_packet_size=65536 You need to increase the size on the Tomcat side to. Just the Request Entity Too Large error is the one that I want to concentrate on at the moment. Can you try using http instead of https? This way we could decide whether it is more likely a problem of forwarding SSL info in the AJP header packet (the 8K resp. 64K thing) or whether some huge header or similar is actually coming from your client. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: service() failed with http error 413 - error log message from isapi_redirect.log file
Hi Ann, On Mon, 2012-07-16 at 19:18 -0700, ann ramos wrote: Hi, We are using HP Service Manager 9.2 system. The web client tier was set up using Windows 2008 R2 64-bit, IIS 7.5, Tomcat 6 and Isapi Redirector 1.2.30. The client is accessing the site by https because we had created a certificate and binded it to the IIS. Here are the steps that I used: 1. Go to IIS. 2. Go to Server Certificate. 3. Choose complete certificate request. 4. Upload the certificate file with the cer extension. 5. Go to Default Website. 6. Bind it to HTTPS and point it to the certificate that you just uploaded in #4. Everything is working fine. User can access the system through web. I noticed the following messages (attached fle ) from the isapi_redirect.log file. Would appreciate it if someone can provide additional information about the message and some ways/ideas on stopping them from occurring. As the log message suggests, 413 is a standard HTTP error code. Quote from http://www.faqs.org/rfcs/rfc2616.html: 10.4.14 413 Request Entity Too Large The server is refusing to process a request because the request entity is larger than the server is willing or able to process. The server MAY close the connection to prevent the client from continuing the request. If the condition is temporary, the server SHOULD include a Retry- After header field to indicate that it is temporary and after what time the client MAY try again. Based on messages like this from the log you attached: ajp_marshal_into_msgb::jk_ajp_common.c (469): failed appending the header value it sounds like you might need to bump 'max_packet_size' in your workers.properties. See http://tomcat.apache.org/connectors-doc/reference/workers.html for details. HOWEVER, did you notice this in the log? [Mon Jul 16 15:19:37.365 2012] [3420:6708] [emerg] HttpFilterProc::jk_isapi_plugin.c (1921): [/sm9/dv/META-INF/services/javax.xml.transform.TransformerFactory] points to the web-inf or meta-inf directory. Somebody tries to hack into the site!!! Someone may be trying to exploit buffer overruns on your site. My apologies if the information that I have provided is not complete. Let me know so I can add some more details. Thanks and regards! Ann - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: This is a digitally signed message part
Re: service() failed with http error 413 - error log message from isapi_redirect.log file
Thanks Tim for your quick reply. I have already increased the max_packet_size to the maximum allowable value way way before and it still comes up: worker.wlb.max_packet_size=65536 Yeah, I noticed the message about the hacking thing. The website only runs internally. I found a good explanation of that message on the net, something about the HP SM software trying to access a file(s) directly under the WEB-INF folder. So I don't worry about that message for now. Just the Request Entity Too Large error is the one that I want to concentrate on at the moment. From: Tim Watts t...@cliftonfarm.org To: users@tomcat.apache.org Sent: Tuesday, 17 July 2012 2:06 PM Subject: Re: service() failed with http error 413 - error log message from isapi_redirect.log file Hi Ann, On Mon, 2012-07-16 at 19:18 -0700, ann ramos wrote: Hi, We are using HP Service Manager 9.2 system. The web client tier was set up using Windows 2008 R2 64-bit, IIS 7.5, Tomcat 6 and Isapi Redirector 1.2.30. The client is accessing the site by https because we had created a certificate and binded it to the IIS. Here are the steps that I used: 1. Go to IIS. 2. Go to Server Certificate. 3. Choose complete certificate request. 4. Upload the certificate file with the cer extension. 5. Go to Default Website. 6. Bind it to HTTPS and point it to the certificate that you just uploaded in #4. Everything is working fine. User can access the system through web. I noticed the following messages (attached fle ) from the isapi_redirect.log file. Would appreciate it if someone can provide additional information about the message and some ways/ideas on stopping them from occurring. As the log message suggests, 413 is a standard HTTP error code. Quote from http://www.faqs.org/rfcs/rfc2616.html: 10.4.14 413 Request Entity Too Large The server is refusing to process a request because the request entity is larger than the server is willing or able to process. The server MAY close the connection to prevent the client from continuing the request. If the condition is temporary, the server SHOULD include a Retry- After header field to indicate that it is temporary and after what time the client MAY try again. Based on messages like this from the log you attached: ajp_marshal_into_msgb::jk_ajp_common.c (469): failed appending the header value it sounds like you might need to bump 'max_packet_size' in your workers.properties. See http://tomcat.apache.org/connectors-doc/reference/workers.html for details. HOWEVER, did you notice this in the log? [Mon Jul 16 15:19:37.365 2012] [3420:6708] [emerg] HttpFilterProc::jk_isapi_plugin.c (1921): [/sm9/dv/META-INF/services/javax.xml.transform.TransformerFactory] points to the web-inf or meta-inf directory. Somebody tries to hack into the site!!! Someone may be trying to exploit buffer overruns on your site. My apologies if the information that I have provided is not complete. Let me know so I can add some more details. Thanks and regards! Ann - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
