Bug ID 977701: Web Application Security/Bot Traffic Dashboards 500 Server Error following upgrade to 8.0

Last Modified: May 03, 2021

Bug Tracker

Affected Product:  See more info
BIG-IQ Web App Security (ASM)(all modules)

Known Affected Versions:
7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9

Opened: Dec 31, 2020
Severity: 4-Minor

Symptoms

In rare cases, following an upgrade from a BIG-IQ version 7.1 to 8.0, the Web Application Security Dashboard or Bot Traffic Dashboard might display a 500 error.

Impact

The system returns an unexpected error (500 Server Error): status:500, body:{"error":{"httpStatus":"INTERNAL_SERVER_ERROR","code":1002,"message":"INTERNAL_SERVER_ERROR: ElasticsearchStatusException[Elasticsearch exception [type=too_long_frame_exception, reason=An HTTP line is larger than 4096 bytes.]]","errorStack":[],"restOperationId":"0615d70c-8d06-444a-b5bb-e0d7ffe0ca55"}}

Conditions

Following a period of time that a system is powered down (several days, or more), upgrade a BIG-IQ to version 8.0. Go to the Web Application Security Dashboard (Monitoring : DASHBOARDS : Web Application Security).

Workaround

Add the 'http.max_initial_line_length: 10mb' parameter to /var/config/rest/elasticsearch/config/elasticsearch.yml on all nodes (CMs and DCDs), and then restart elastic search on each node: bigstart restart elasticsearch

Fix Information

None

Behavior Change