Unusually large HTTP packets

An HTTP transaction uses request-response messages between the client and the server. In the request and response messages, HTTP headers are the values that are displayed in the HTTP protocol. You can configure the HTTP header length in virtual server, service, or service group to avoid 4xx errors

When an HTTP request/response exceeds the maximum header length, it can be a possible attack. Using the Unusually large HTTP packets indicator, you can view the occurrences where the HTTP messages with HTTP header size exceed the configured values.

Click the Unusually large HTTP packets tab to view the issue details.

Unusually large http packets

The Recommended Actions to troubleshoot the issue are:

  • Review the traffic to determine the header size is genuine. If the header size is genuine, then update the header value on the HTTP profile. For more information, see Buffer Overflow Check.

  • If the header size is not genuine, blacklist the source to avoid attacks.

Under Details, you can view:

  • The time that occurred the anomaly

  • Total occurrences

  • The anomaly severity such as high, low, and medium

  • The detection message indicating the current HTTP header length configured on the virtual server, server, or service group

Unusually large HTTP packets