One or more users see a page displaying an error message similar to: "the page was not displayed because the request entity is too large".
This article is relevant if you use IIS, the ISAPI filter and the Tomcat AJP1.3 connector (i.e. as recommended in our Windows installation instructions).
By default the Tomcat AJP1.3 connector has a max packet size of 8K. If (certain elements of) a request exceed this size then this error can occur.
In particular, if you are using Asset Bank's WIASSOPlugin plugin then the Asset Bank website in IIS will be configured to use Integrated Windows Authentication. When Asset Bank (or IIS) issues a challenge a user's browser will include an 'authentication' header in its next request. If Kerberos is used (which is the default) then this header can be large - especially if the user is a member of lots of OUs (in Active Directory) as this information is included in the ticket.
Increase the max packet size as follows:
- Open [tomcat]/conf/server.xml and find the AJP 1.3 connector element. This will look something like this:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" URIEncoding="UTF-8"/>
- Add an attribute called packetSize with a value larger than 8192 (the default) but never larger than 65536. For example:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" URIEncoding="UTF-8" packetSize="65536"/>
Open the worker.properties file (used by the isapi_redirect.dll filter): this is usually in [tomcat]/conf
- Add the following line at the end of the file:
(Where 65536 is the max packet size in bytes, i.e. this should be the same as thepacketSize you set in the connector).
Technical note: Old versions of the filter may also have the buffer hardcoded to 8K so it may be necessary to update isapi_redirect.dll.