Istio Ingress : Increase Header size

Divyesh_Bhatt · November 18, 2020, 3:22pm

Hello,

Istio Version : 1.7

I am trying to update max_request_headers_kb to 80 using below envoy filter:
Even after applying one of below EnvoyFilter I am getting “431Request Header Fields Too Large” on header size beyond 30 kb.

I know the document from envoy says default limit is 60 kb but in code its hardcoded to 29 and max limit to 94.

github.com

envoyproxy/envoy/blob/c39a22e1ee744f4e6031c0b53f7ccd2b6165e29f/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L304


// By default, Envoy will overwrite the header with the value specified in
// server_name.
ServerHeaderTransformation server_header_transformation = 34
    [(validate.rules).enum = {defined_only: true}];
// The maximum request headers size for incoming connections.
// If unconfigured, the default max request headers allowed is 60 KiB.
// Requests that exceed this limit will receive a 431 response.
// The max configurable limit is 96 KiB, based on current implementation
// constraints.
google.protobuf.UInt32Value max_request_headers_kb = 29
    [(validate.rules).uint32 = {lte: 96 gt: 0}];
// The idle timeout for connections managed by the connection manager. The
// idle timeout is defined as the period in which there are no active
// requests. If not set, there is no idle timeout. When the idle timeout is
// reached the connection will be closed. If the connection is an HTTP/2
// connection a drain sequence will occur prior to closing the connection.
// This field is deprecated. Use :ref:`idle_timeout
// <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.common_http_protocol_options>`
// instead.

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: custom
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:

applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
match:
context: GATEWAY
listener:
filterChain:
filter:
name: “envoy.http_connection_manager”
patch:
operation: MERGE
value:
max_request_headers_kb: 80

OR

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: custom
namespace: istio-system
spec:
configPatches:

applyTo: NETWORK_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: “envoy.http_connection_manager”
patch:
operation: MERGE
value:
typed_config:
“@type”: “type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager”
max_request_headers_kb: 200

None worked.

Can someone suggest what am I doing wrong?