I am working on a web application that was developed in Java 1.8 and Apache Wicket 1.5.6 with an embedded Jetty server 8.1.16, with a few pages also developed using Ext JS 3.4.1. Apache 2.4 has been configured as a reverse proxy for this application.
The problem is that after enabling two-factor authentication (2FA) and trying to upload a file larger than 2 GB, the Apache (proxy) server throws these exceptions:
Re-negotiation handshake failed, referer: https:///ui/v2FJNs4Lej0jKivA6KUhqg/v2Fd9/Ns48e
request body exceeds maximum size (2147483647) for SSL buffer, referer: https:///ui/DXOKJCEAASQaiEwUH_0xOA/DXO6a/ADXe4
The multipart option is enabled for file uploading.
httpd.conf:
#Proxy ui to jetty
<Location "/ui">
....
....
SSLRenegBufferSize 2147483647
# Forward the SSL info onto Jetty (GUI)
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
....
....
ProxyPass http://127.0.0.1:8080/ui
ProxyPassReverse http://127.0.0.1:8080/ui
</Location>
I am trying to use a Wicket filter to block the request and update Content-Length to 0 before it reaches the proxy server. But the request hits the proxy server first and then comes to the filter. It did not work.
Has anybody faced a similar issue? I may be taking the wrong approach. Please help me resolve this issue.
I can provide more detail if required.
Jetty Server 8.x was End of Life back in 2014.
Support for Content-Length exceeding 2GB (actually Integer.MAX_VALUE) was first added to Jetty in version 9.4.20.v20190813 as part of the effort around Issue #3504.
Also, Jetty 9.4.x is now at End of Community Support.
See: https://github.com/eclipse/jetty.project/issues/7958
Be aware of the security vulnerabilities in your version of Jetty.
See: https://www.eclipse.org/jetty/security_reports.php
Consider using Transfer-Encoding: chunked on the request side of your POST instead (this sends the data without using Content-Length).
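The chunked framing suggested in the answer above, as an added example that is not part of the original question or answer: it shows what goes on the wire when a POST body is sent with Transfer-Encoding: chunked, where each size field covers one chunk only and no Content-Length header exists. The path `/ui/upload`, the host `example.invalid`, the content type and the sample payload are assumptions constructed for illustration.

```python
import io

INT32_MAX = 2**31 - 1  # Integer.MAX_VALUE, the Content-Length ceiling named above


def request_head(path, host, content_type):
    """Request line and headers for a chunked POST: no Content-Length at all."""
    lines = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        f"Content-Type: {content_type}",
        "Transfer-Encoding: chunked",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def chunked_frames(stream, chunk_size=64 * 1024):
    """Yield the body as HTTP/1.1 chunks: <hex size>CRLF<data>CRLF, then 0 CRLF CRLF."""
    while True:
        data = stream.read(chunk_size)
        if not data:
            break
        yield b"%x\r\n" % len(data) + data + b"\r\n"
    yield b"0\r\n\r\n"  # last-chunk marker, no trailers


def decode_chunked(raw):
    """Receiver side: rebuild the body and return (body, largest size field seen)."""
    body, pos, largest = bytearray(), 0, 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            return bytes(body), largest
        if raw[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        body += raw[pos:pos + size]
        largest = max(largest, size)
        pos += size + 2


if __name__ == "__main__":
    payload = bytes(range(256)) * 1000  # constructed 256,000-byte sample body
    wire = b"".join(chunked_frames(io.BytesIO(payload)))
    body, largest = decode_chunked(wire)
    print(request_head("/ui/upload", "example.invalid", "application/octet-stream").decode())
    print(len(body), largest, largest <= INT32_MAX)
```

Because the sender reads and frames one chunk at a time, the total upload size never has to be known or declared up front.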