Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Downstream HTTP header limits? #1675

Open
Mortana89 opened this issue Jul 6, 2023 · 2 comments
Open

Downstream HTTP header limits? #1675

Mortana89 opened this issue Jul 6, 2023 · 2 comments
Assignees
@Mortana89
Labels
needs feedback Issue is waiting on feedback before acceptance needs validation Issue has not been replicated or verified yet question Initially seen a question could become a new feature or bug or closed ;) waiting Waiting for answer to question or feedback from issue raiser

Comments

@Mortana89
Copy link

Expected Behavior / New Feature

We have configured Kestrel both on our gateway microservice and downstream services to accept header sizes up to 64Kb.
We should be able to send our GET request which contains a large continuation token, to these downstream services.
However, we notice that, we are able to enter middleware in our gateway, but the moment we run the ocelot middleware, we receive a 400 headers too large.
When we try to send the same call to the individual microservice directly, we receive a successful response, so I'm thinking Ocelot is not adhering to the limits for some reason, when replaying the HTTP request to a downstream service.

Is that possible?

Some information:

  • Services running in Service Fabric, using SF discovery
  • ASP.NET Core 6.0
  • Ocelot 18.0
  • HTTP Header size just over 16 kb
@raman-m
Copy link
Member

raman-m commented Jul 6, 2023

Hi Mortana!
Thanks for the interesting question!

  • ASP.NET Core 6.0
  • Ocelot 18.0

Could you upgrade your solution to v19 for .NET 7 please?

When we try to send the same call to the individual microservice directly, we receive a successful response, so I'm thinking Ocelot is not adhering to the limits for some reason, when replaying the HTTP request to a downstream service.

Is that possible?

Everything is possible! 🤣
What is the technical stack of your downstream service? .NET or other technology?

I guess Ocelot as a ASP.NET API app follows and uses a standard settings for HttpClient and HttpRequest to setup HTTP headers for .NET framework.
As far as I know Ocelot does not limit header values, so it uses standard limits for HttpRequest.

We have configured Kestrel both on our gateway microservice and downstream services to accept header sizes up to 64Kb.

Please, show your solution and/or at least configuration code!
We need to verify this setup.

However, we notice that, we are able to enter middleware in our gateway, but the moment we run the ocelot middleware, we receive a 400 headers too large.

Please, provide complete call stack information, and error message for sure!

Finally,

Is this a bug or feature issue?
Do you have a draft solution?

@raman-m raman-m added question Initially seen a question could become a new feature or bug or closed ;) needs validation Issue has not been replicated or verified yet needs feedback Issue is waiting on feedback before acceptance waiting Waiting for answer to question or feedback from issue raiser labels Jul 6, 2023
@raman-m
Copy link
Member

raman-m commented Jul 6, 2023

Do you use this Kestrel server property?
KestrelServerLimits.MaxRequestHeadersTotalSize Property (Microsoft.AspNetCore.Server.Kestrel.Core) | Microsoft Learn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mortana89 Mortana89

Labels
needs feedback Issue is waiting on feedback before acceptance needs validation Issue has not been replicated or verified yet question Initially seen a question could become a new feature or bug or closed ;) waiting Waiting for answer to question or feedback from issue raiser
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@raman-m @Mortana89