Istio Ingress : Increase Header size

Hello,

Istio Version : 1.7

I am trying to update max_request_headers_kb to 80 using below envoy filter:
Even after applying one of below EnvoyFilter I am getting “431Request Header Fields Too Large” on header size beyond 30 kb.

I know the document from envoy says default limit is 60 kb but in code its hardcoded to 29 and max limit to 94.

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: custom
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:

  • applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
    match:
    context: GATEWAY
    listener:
    filterChain:
    filter:
    name: “envoy.http_connection_manager”
    patch:
    operation: MERGE
    value:
    max_request_headers_kb: 80

OR

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: custom
namespace: istio-system
spec:
configPatches:

None worked.

Can someone suggest what am I doing wrong?

For 1.7, some of the fields have to be updated for envoy v3:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: max-request-headers
  namespace: istio-system
spec:
  configPatches:
  - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
    match:
      context: ANY
      listener:
        filterChain:
          filter:
            name: "envoy.filters.network.http_connection_manager"
    patch:
      operation: MERGE
      value:
        typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
          max_request_headers_kb: 90

Hello Ram,

No luck with above filter definition as well. Is this configuration is working for you?
Thanks,

Divyesh Bhatt

hello,
did you find a solution ? i have the same issue and i cannot find a configuration that work on my ISTIO 1.7

PS: i have a lua filter configured as HTTP_FILTER and patch INSERT_BEFORE → don’t know if the max_request_headers_kb (work) but is not set before reaching the filter or something like that, or if the config does not work at all

Thank you

No Luck… Have parked this for a while. Please let me know if you find any solution.