Re: AJP error using mod_proxy__ajp (conclusion: user error)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 6/29/20 12:22, Christopher Schultz wrote: > I believe I have determined the cause (or at least the fix) for > this: > > Despite the mod_proxy_ajp documentation, it is using packets > larger than 8192 bytes. > > Setting this on the Tomcat resolves the problem: > > packetSize="65536" > > I don't see anywhere you can set the maximum packet size on > mod_proxy_ajp so I think this is the only recourse. That's because this is a property of mod_proxy and not mod_proxy_ajp. ProxyIOBufferSize [1] > Is anyone familiar enough with the mod_proxy_ajp code to know how > to look for this? > > It was trivial to reproduce: just send a large POST message > through mod_proxy_ajp to Tomcat. Evidently, I've been down this road before and I had *intentionally* set the high-water mark of ProxyIOBufferSize to 65535. So this was entirely self-inflicted. Thanks, - -chris [1] https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyiobuffersi ze > On 6/25/20 10:28, Christopher Schultz wrote: >> All, > >> This issue is apparently trivially reproducible in my dev >> environment. > >> Do I have to get a protocol-trace to get any more helpful >> information? > >> Thanks, -chris > >> On 6/24/20 10:46, Christopher Schultz wrote: >>> All, > >>> On 6/24/20 10:29, Christopher Schultz wrote: All, > I'm slowly switching from mod_jk to mod_proxy_ajp and I have a development environment where I'm getting Bad Gateway responses sent to clients along with this exception in my Tomcat log file: > java.lang.IllegalArgumentException: Header message of length [8,194] received but the packetSize is only [8,192] at org.apache.coyote.ajp.AjpProcessor.readMessage(AjpProcessor.java:68 5 > ) > > >>> at org.apache.coyote.ajp.AjpProcessor.receive(AjpProcessor.java:626) > > at org.apache.coyote.ajp.AjpProcessor.refillReadBuffer(AjpProcessor.ja v > a > > : > >> 73 > > >>> 4) at org.apache.coyote.ajp.AjpProcessor$SocketInputBuffer.doRead(AjpProc e > s > > s > >> or > > >>> .java:1456) at org.apache.coyote.Request.doRead(Request.java:581) at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer . > j > > a > >> va > > >>> :344) at org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputB u > f > > f > >> er > > >>> .java:663) at org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java : > 3 > > 5 > >> 8) > > >>> at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStr e > a > > m > >> .j > > >>> ava:93) at org.apache.commons.io.input.ProxyInputStream.read(ProxyInputStream. j > a > > v > >> a: > > >>> 53) at org.apache.commons.io.input.TeeInputStream.read(TeeInputStream.java : > 1 > > 0 > >> 6) > > >>> at java.io.FilterInputStream.read(FilterInputStream.java:83) at my.product.MacInputStream.read(MacInputStream.java:29) at java.io.FilterInputStream.read(FilterInputStream.java:83) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager$Rewindable I > n > > p > >> ut > > >>> Stream.read(XMLEntityManager.java:2890) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurre n > t > > E > >> nt > > >>> ity(XMLEntityManager.java:674) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determin e > D > > o > >> cV > > >>> ersion(XMLVersionDetector.java:148) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse ( > X > > M > >> L1 > > >>> 1Configuration.java:806) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse ( > X > > M > >> L1 > > >>> 1Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParse r > . > > j > >> av > > >>> a:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse( A > b > > s > >> tr > > >>> actSAXParser.java:1213) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser . > p > > a > >> rs > > >>> e(SAXParserImpl.java:643) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXPars e > r > > I > >> mp > > >>> l.java:327) at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) > This is a web service which is reading the request with a SAXParser. It's been running in production (and dev!) for years without any issues. It''s been running for a few months in development, now, with mod_proxy_ajp without any errors. > I know about the "max packet size" and the default is 8192 bytes. I haven't changed the default. Here's my configuration: > >>> secretRequired="fa
Re: AJP error using mod_proxy__ajp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I believe I have determined the cause (or at least the fix) for this: Despite the mod_proxy_ajp documentation, it is using packets larger than 8192 bytes. Setting this on the Tomcat resolves the problem: packetSize="65536" I don't see anywhere you can set the maximum packet size on mod_proxy_ajp so I think this is the only recourse. Is anyone familiar enough with the mod_proxy_ajp code to know how to look for this? It was trivial to reproduce: just send a large POST message through mod_proxy_ajp to Tomcat. Thanks, - -chris On 6/25/20 10:28, Christopher Schultz wrote: > All, > > This issue is apparently trivially reproducible in my dev > environment. > > Do I have to get a protocol-trace to get any more helpful > information? > > Thanks, -chris > > On 6/24/20 10:46, Christopher Schultz wrote: >> All, > >> On 6/24/20 10:29, Christopher Schultz wrote: >>> All, > >>> I'm slowly switching from mod_jk to mod_proxy_ajp and I have a >>> development environment where I'm getting Bad Gateway >>> responses sent to clients along with this exception in my >>> Tomcat log file: > >>> java.lang.IllegalArgumentException: Header message of length >>> [8,194] received but the packetSize is only [8,192] at >>> org.apache.coyote.ajp.AjpProcessor.readMessage(AjpProcessor.java:685 ) > >>> >>> > >> at >>> org.apache.coyote.ajp.AjpProcessor.receive(AjpProcessor.java:626) >>> >>> > >>> at >>> org.apache.coyote.ajp.AjpProcessor.refillReadBuffer(AjpProcessor.jav a > >>> : > >>> > 73 > > >> 4) >>> at >>> org.apache.coyote.ajp.AjpProcessor$SocketInputBuffer.doRead(AjpProce s > >>> s > >>> > or > > >> .java:1456) >>> at org.apache.coyote.Request.doRead(Request.java:581) at >>> org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer. j > >>> a > >>> > va > > >> :344) >>> at >>> org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputBu f > >>> f > >>> > er > > >> .java:663) >>> at >>> org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java: 3 > >>> 5 > >>> > 8) > > >> at >>> org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStre a > >>> m > >>> > .j > > >> ava:93) >>> at >>> org.apache.commons.io.input.ProxyInputStream.read(ProxyInputStream.j a > >>> v > >>> > a: > > >> 53) >>> at >>> org.apache.commons.io.input.TeeInputStream.read(TeeInputStream.java: 1 > >>> 0 > >>> > 6) > > >> at java.io.FilterInputStream.read(FilterInputStream.java:83) >>> at my.product.MacInputStream.read(MacInputStream.java:29) at >>> java.io.FilterInputStream.read(FilterInputStream.java:83) at >>> com.sun.org.apache.xerces.internal.impl.XMLEntityManager$RewindableI n > >>> p > >>> > ut > > >> Stream.read(XMLEntityManager.java:2890) >>> at >>> com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurren t > >>> E > >>> > nt > > >> ity(XMLEntityManager.java:674) >>> at >>> com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determine D > >>> o > >>> > cV > > >> ersion(XMLVersionDetector.java:148) >>> at >>> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse( X > >>> M > >>> > L1 > > >> 1Configuration.java:806) >>> at >>> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse( X > >>> M > >>> > L1 > > >> 1Configuration.java:771) >>> at >>> com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser . > >>> j > >>> > av > > >> a:141) >>> at >>> com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(A b > >>> s > >>> > tr > > >> actSAXParser.java:1213) >>> at >>> com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser. p > >>> a > >>> > rs > > >> e(SAXParserImpl.java:643) >>> at >>> com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParse r > >>> I > >>> > mp > > >> l.java:327) >>> at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) > >>> This is a web service which is reading the request with a >>> SAXParser. It's been running in production (and dev!) for >>> years without any issues. It''s been running for a few months >>> in development, now, with mod_proxy_ajp without any errors. > >>> I know about the "max packet size" and the default is 8192 >>> bytes. I haven't changed the default. Here's my >>> configuration: > >>> >> secretRequired="false" redirectPort="443" protocol="AJP/1.3" >>> URIEncoding="UTF-8" executor="tomcatThreadPool" /> > >>> Here's the configuration in httpd.conf: > >>> BalancerMember >>> "ajp://localhost:8245" timeout=300 ping=5 ttl=60 > >>> ProxyPass "/my-api/" "balancer://my-api/my-api/" >>> ProxyPassReverse "/my-api/" "balancer://my-api/my-api/" > >>> The documentation for mod_proxy_ajp[1] seems to indicate that >>> the "Packet Size" for AJP is fixed at 8192 bytes: > >>> " Packet Size > >>> According to much of the code, the max packet size is 8 * 1024 >>> bytes (8K). The actual length of the packet is encoded in the >>> header. > >>> Packet Headers > >>> Packets sent from the server to the container begin with >>> 0x1234. Packets sen
Re: AJP error using mod_proxy__ajp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, This issue is apparently trivially reproducible in my dev environment. Do I have to get a protocol-trace to get any more helpful information? Thanks, - -chris On 6/24/20 10:46, Christopher Schultz wrote: > All, > > On 6/24/20 10:29, Christopher Schultz wrote: >> All, > >> I'm slowly switching from mod_jk to mod_proxy_ajp and I have a >> development environment where I'm getting Bad Gateway responses >> sent to clients along with this exception in my Tomcat log file: > >> java.lang.IllegalArgumentException: Header message of length >> [8,194] received but the packetSize is only [8,192] at >> org.apache.coyote.ajp.AjpProcessor.readMessage(AjpProcessor.java:685) > >> > > at >> org.apache.coyote.ajp.AjpProcessor.receive(AjpProcessor.java:626) >> >> at >> org.apache.coyote.ajp.AjpProcessor.refillReadBuffer(AjpProcessor.java : > >> 73 > > > 4) >> at >> org.apache.coyote.ajp.AjpProcessor$SocketInputBuffer.doRead(AjpProces s > >> or > > > .java:1456) >> at org.apache.coyote.Request.doRead(Request.java:581) at >> org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.j a > >> va > > > :344) >> at >> org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputBuf f > >> er > > > .java:663) >> at >> org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:3 5 > >> 8) > > > at >> org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStrea m > >> .j > > > ava:93) >> at >> org.apache.commons.io.input.ProxyInputStream.read(ProxyInputStream.ja v > >> a: > > > 53) >> at >> org.apache.commons.io.input.TeeInputStream.read(TeeInputStream.java:1 0 > >> 6) > > > at java.io.FilterInputStream.read(FilterInputStream.java:83) >> at my.product.MacInputStream.read(MacInputStream.java:29) at >> java.io.FilterInputStream.read(FilterInputStream.java:83) at >> com.sun.org.apache.xerces.internal.impl.XMLEntityManager$RewindableIn p > >> ut > > > Stream.read(XMLEntityManager.java:2890) >> at >> com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrent E > >> nt > > > ity(XMLEntityManager.java:674) >> at >> com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD o > >> cV > > > ersion(XMLVersionDetector.java:148) >> at >> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X M > >> L1 > > > 1Configuration.java:806) >> at >> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X M > >> L1 > > > 1Configuration.java:771) >> at >> com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. j > >> av > > > a:141) >> at >> com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Ab s > >> tr > > > actSAXParser.java:1213) >> at >> com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.p a > >> rs > > > e(SAXParserImpl.java:643) >> at >> com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParser I > >> mp > > > l.java:327) >> at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) > >> This is a web service which is reading the request with a >> SAXParser. It's been running in production (and dev!) for years >> without any issues. It''s been running for a few months in >> development, now, with mod_proxy_ajp without any errors. > >> I know about the "max packet size" and the default is 8192 >> bytes. I haven't changed the default. Here's my >> configuration: > >> > secretRequired="false" redirectPort="443" protocol="AJP/1.3" >> URIEncoding="UTF-8" executor="tomcatThreadPool" /> > >> Here's the configuration in httpd.conf: > >> BalancerMember >> "ajp://localhost:8245" timeout=300 ping=5 ttl=60 > >> ProxyPass "/my-api/" "balancer://my-api/my-api/" >> ProxyPassReverse "/my-api/" "balancer://my-api/my-api/" > >> The documentation for mod_proxy_ajp[1] seems to indicate that >> the "Packet Size" for AJP is fixed at 8192 bytes: > >> " Packet Size > >> According to much of the code, the max packet size is 8 * 1024 >> bytes (8K). The actual length of the packet is encoded in the >> header. > >> Packet Headers > >> Packets sent from the server to the container begin with 0x1234. >> Packets sent from the container to the server begin with AB >> (that's the ASCII code for A followed by the ASCII code for B). >> After those first two bytes, there is an integer (encoded as >> above) with the length of the payload. Although this might >> suggest that the maximum payload could be as large as 2^16, in >> fact, *the code sets the maximum to be 8K*. " (emphasis mine) > >> Does anyone know under what circumstances mod_proxy_ajp might >> send more than 8192 bytes? It looks like mod_proxy_ajp doesn't >> have any way to set the max packet size like mod_jk does. > >> I should probably be able to set the max packet size on the >> Tomcat side to something higher than 8192 to catch this kind of >> thing... but it looks like it might be a bug in mod_proxy_ajp. > >> Versions are Apache httpd 2.4.25 (Debian) and Tomcat 8.5.trunk >> (8.5.55). mod_jk is not being used. > >> Any id
Re: AJP error using mod_proxy__ajp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 6/24/20 10:29, Christopher Schultz wrote: > All, > > I'm slowly switching from mod_jk to mod_proxy_ajp and I have a > development environment where I'm getting Bad Gateway responses > sent to clients along with this exception in my Tomcat log file: > > java.lang.IllegalArgumentException: Header message of length > [8,194] received but the packetSize is only [8,192] at > org.apache.coyote.ajp.AjpProcessor.readMessage(AjpProcessor.java:685) > > at > org.apache.coyote.ajp.AjpProcessor.receive(AjpProcessor.java:626) > at > org.apache.coyote.ajp.AjpProcessor.refillReadBuffer(AjpProcessor.java: 73 > > 4) > at > org.apache.coyote.ajp.AjpProcessor$SocketInputBuffer.doRead(AjpProcess or > > .java:1456) > at org.apache.coyote.Request.doRead(Request.java:581) at > org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.ja va > > :344) > at > org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputBuff er > > .java:663) > at > org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:35 8) > > at > org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream .j > > ava:93) > at > org.apache.commons.io.input.ProxyInputStream.read(ProxyInputStream.jav a: > > 53) > at > org.apache.commons.io.input.TeeInputStream.read(TeeInputStream.java:10 6) > > at java.io.FilterInputStream.read(FilterInputStream.java:83) > at my.product.MacInputStream.read(MacInputStream.java:29) at > java.io.FilterInputStream.read(FilterInputStream.java:83) at > com.sun.org.apache.xerces.internal.impl.XMLEntityManager$RewindableInp ut > > Stream.read(XMLEntityManager.java:2890) > at > com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentE nt > > ity(XMLEntityManager.java:674) > at > com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDo cV > > ersion(XMLVersionDetector.java:148) > at > com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XM L1 > > 1Configuration.java:806) > at > com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XM L1 > > 1Configuration.java:771) > at > com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.j av > > a:141) > at > com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Abs tr > > actSAXParser.java:1213) > at > com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.pa rs > > e(SAXParserImpl.java:643) > at > com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserI mp > > l.java:327) > at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) > > This is a web service which is reading the request with a > SAXParser. It's been running in production (and dev!) for years > without any issues. It''s been running for a few months in > development, now, with mod_proxy_ajp without any errors. > > I know about the "max packet size" and the default is 8192 bytes. > I haven't changed the default. Here's my > configuration: > > redirectPort="443" protocol="AJP/1.3" URIEncoding="UTF-8" > executor="tomcatThreadPool" /> > > Here's the configuration in httpd.conf: > > BalancerMember "ajp://localhost:8245" > timeout=300 ping=5 ttl=60 > > ProxyPass "/my-api/" "balancer://my-api/my-api/" ProxyPassReverse > "/my-api/" "balancer://my-api/my-api/" > > The documentation for mod_proxy_ajp[1] seems to indicate that the > "Packet Size" for AJP is fixed at 8192 bytes: > > " Packet Size > > According to much of the code, the max packet size is 8 * 1024 > bytes (8K). The actual length of the packet is encoded in the > header. > > Packet Headers > > Packets sent from the server to the container begin with 0x1234. > Packets sent from the container to the server begin with AB > (that's the ASCII code for A followed by the ASCII code for B). > After those first two bytes, there is an integer (encoded as above) > with the length of the payload. Although this might suggest that > the maximum payload could be as large as 2^16, in fact, *the code > sets the maximum to be 8K*. " (emphasis mine) > > Does anyone know under what circumstances mod_proxy_ajp might send > more than 8192 bytes? It looks like mod_proxy_ajp doesn't have any > way to set the max packet size like mod_jk does. > > I should probably be able to set the max packet size on the Tomcat > side to something higher than 8192 to catch this kind of thing... > but it looks like it might be a bug in mod_proxy_ajp. > > Versions are Apache httpd 2.4.25 (Debian) and Tomcat 8.5.trunk > (8.5.55). mod_jk is not being used. > > Any ideas? > > -chris > > [1] https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html Some additional information: 1. The headers of the HTTP request seem to be arriving in a correct packet before this error occurs. The headers are only a few hundred bytes (~340) and the request line should be relatively short (~50 bytes or so). Method is POST, protocol is HTTP/1.1. 2. Apache httpd is terminating TLS. I have no configuration for forwarding TLS information over to
AJP error using mod_proxy__ajp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm slowly switching from mod_jk to mod_proxy_ajp and I have a development environment where I'm getting Bad Gateway responses sent to clients along with this exception in my Tomcat log file: java.lang.IllegalArgumentException: Header message of length [8,194] received but the packetSize is only [8,192] at org.apache.coyote.ajp.AjpProcessor.readMessage(AjpProcessor.java:685) at org.apache.coyote.ajp.AjpProcessor.receive(AjpProcessor.java:626) at org.apache.coyote.ajp.AjpProcessor.refillReadBuffer(AjpProcessor.java:73 4) at org.apache.coyote.ajp.AjpProcessor$SocketInputBuffer.doRead(AjpProcessor .java:1456) at org.apache.coyote.Request.doRead(Request.java:581) at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java :344) at org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputBuffer .java:663) at org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:358) at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.j ava:93) at org.apache.commons.io.input.ProxyInputStream.read(ProxyInputStream.java: 53) at org.apache.commons.io.input.TeeInputStream.read(TeeInputStream.java:106) at java.io.FilterInputStream.read(FilterInputStream.java:83) at my.product.MacInputStream.read(MacInputStream.java:29) at java.io.FilterInputStream.read(FilterInputStream.java:83) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager$RewindableInput Stream.read(XMLEntityManager.java:2890) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEnt ity(XMLEntityManager.java:674) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocV ersion(XMLVersionDetector.java:148) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML1 1Configuration.java:806) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML1 1Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.jav a:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Abstr actSAXParser.java:1213) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.pars e(SAXParserImpl.java:643) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImp l.java:327) at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) This is a web service which is reading the request with a SAXParser. It's been running in production (and dev!) for years without any issues. It''s been running for a few months in development, now, with mod_proxy_ajp without any errors. I know about the "max packet size" and the default is 8192 bytes. I haven't changed the default. Here's my configuration: Here's the configuration in httpd.conf: BalancerMember "ajp://localhost:8245" timeout=300 ping=5 ttl=60 ProxyPass "/my-api/" "balancer://my-api/my-api/" ProxyPassReverse "/my-api/" "balancer://my-api/my-api/" The documentation for mod_proxy_ajp[1] seems to indicate that the "Packet Size" for AJP is fixed at 8192 bytes: " Packet Size According to much of the code, the max packet size is 8 * 1024 bytes (8K). The actual length of the packet is encoded in the header. Packet Headers Packets sent from the server to the container begin with 0x1234. Packets sent from the container to the server begin with AB (that's the ASCII code for A followed by the ASCII code for B). After those first two bytes, there is an integer (encoded as above) with the length of the payload. Although this might suggest that the maximum payload could be as large as 2^16, in fact, *the code sets the maximum to be 8K*. " (emphasis mine) Does anyone know under what circumstances mod_proxy_ajp might send more than 8192 bytes? It looks like mod_proxy_ajp doesn't have any way to set the max packet size like mod_jk does. I should probably be able to set the max packet size on the Tomcat side to something higher than 8192 to catch this kind of thing... but it looks like it might be a bug in mod_proxy_ajp. Versions are Apache httpd 2.4.25 (Debian) and Tomcat 8.5.trunk (8.5.55). mod_jk is not being used. Any ideas? - -chris [1] https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7zY1MACgkQHPApP6U8 pFjB9xAAn6Qx/3oxL9LrE716x84vACmUiiFeSY/8VeDYdNuys9+s2ULrARdx62rC 61hV1y1pNwVVK4ZlwxF/DVVUhClfqb3P/lbR76gOWwNJvJs4qXpqF7PSVHyMD3LR 3ze8XXK8NMZMEPoMrOwg3wI7mQoQpj66QhD3fMNz4hbp2iwxXzZfVDLN7D/g8/6Y E4vseY44x1mLQ5BlBy7DGEwpdrVQR50tW8BG4uPfWgyZlnkf5o4AHX7s0oAgLzep VCFCXMK3tYArQrZNv+k7yOgb7Lk4dacRt8pd5Wf2VVHy+1sBZwpRcFXaD0O6N2lc T27F88H0HMsz7J1K6Q52zn0O7nzfk3PbkaXY95SC6zM4jNMRMt35UTYg9UTN8eH9