Bug 66194 - When using http2 and maxHeaderSize is exceeded, nothing is logged
Status: RESOLVED FIXED
Product: Tomcat 9
Classification: Unclassified
Component: Connectors
Version: 9.0.63
Hardware: PC Mac OS X 10.1
Importance: P2 normal
Assignee: Tomcat Developers Mailing List
Reported: 2022-08-01 20:46 UTC by damien.hollis
Modified: 2022-08-23 18:29 UTC

Description damien.hollis 2022-08-01 20:46:22 UTC
We are using http2 and we have some requests with many cookies and this results in us exceeding the maxHeaderSize limit. This has taken a very long time to track down as Tomcat does not log anything under these conditions - prior to http2 I'm pretty sure this situation was logged (at least once).

The code in question is:

if (hpackDecoder.isHeaderSizeExceeded(headerReadBuffer.position())) {
    StreamException headerException = new StreamException(sm.getString(
            "http2Parser.headerLimitSize", connectionId, Integer.valueOf(streamId)),
            Http2Error.ENHANCE_YOUR_CALM, streamId);
    hpackDecoder.getHeaderEmitter().setHeaderException(headerException);
}

Note: it is logged if I turn on debug logging but we can't do that in production.

o.a.coyote.http2.Http2UpgradeHandler     : Connection [1], Stream [1], Error [ENHANCE_YOUR_CALM], Message [Connection [1], Stream [1], Total header size too big],  RST (closing stream)

Could this be logged as a warning, so we can at least detect this situation in production?
Comment 1 Mark Thomas 2022-08-15 10:41:03 UTC
Logging every instance of this opens up the potential for a DoS.

We can look at the possibility of mirroring the logging used for HTTP/1.1 which logs via a UserDataHelper instance.
Comment 2 damien.hollis 2022-08-15 10:57:32 UTC
Logging at least the first instance would be much more helpful than the current situation.
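
The trade-off in Comments 1 and 2 (a warning per rejected request lets a client flood the log, no warning at all hides the problem) can be settled by logging the first event and suppressing repeats for a window. The Java sketch below is an added example, not Tomcat's UserDataHelper and not code from this bug; the class name ThrottledWarning, the 5-second window and the simulated events are assumptions made for illustration.

```java
import java.util.concurrent.atomic.AtomicLong;

/** Hypothetical helper (not Tomcat code): warn once per window, count the rest. */
public class ThrottledWarning {
    private final long windowNanos;
    // Long.MIN_VALUE means "nothing logged yet".
    private final AtomicLong lastLogged = new AtomicLong(Long.MIN_VALUE);
    private final AtomicLong suppressed = new AtomicLong();

    public ThrottledWarning(long windowNanos) {
        this.windowNanos = windowNanos;
    }

    /**
     * Returns the number of events suppressed since the previous warning when the
     * caller should log now, or -1 when this event must stay silent.
     */
    public long tryAcquire(long nowNanos) {
        long last = lastLogged.get();
        boolean due = last == Long.MIN_VALUE || nowNanos - last >= windowNanos;
        // compareAndSet lets exactly one thread win each window.
        if (due && lastLogged.compareAndSet(last, nowNanos)) {
            return suppressed.getAndSet(0);
        }
        suppressed.incrementAndGet();
        return -1;
    }

    public static void main(String[] args) {
        // Constructed scenario: one client sends 10,000 oversized header blocks,
        // one per millisecond, against a 5-second suppression window.
        ThrottledWarning limiter = new ThrottledWarning(5_000_000_000L);
        int lines = 0;
        for (int i = 0; i < 10_000; i++) {
            long now = i * 1_000_000L; // simulated clock in nanoseconds
            long skipped = limiter.tryAcquire(now);
            if (skipped >= 0) {
                lines++;
                System.out.printf(
                        "WARN t=%dms total header size too big (%d similar events suppressed)%n",
                        i, skipped);
            }
        }
        System.out.println("events=10000 logLines=" + lines);
    }
}
```

The log volume is bounded by elapsed time rather than by request count, and the suppressed counter still tells an operator how often the limit was hit.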
Comment 3 Mark Thomas 2022-08-23 18:29:13 UTC
Fixed in:
- 10.1.x for 10.1.0-M18 onwards
- 10.0.x for 10.0.24 onwards
-  9.0.x for  9.0.66 onwards
-  8.5.x for  8.5.83 onwards