If the size of the request body is larger than the size you specify, the ingress gateway rejects the request with a 413 HTTP response.

Before you begin

  1. Set up Gloo Mesh Gateway in a single cluster.
  2. Install Bookinfo and other sample apps.
  3. Configure an HTTP listener on your gateway and set up basic routing for the sample apps.

  4. Get the external address of your ingress gateway. The steps vary depending on the type of load balancer that backs the ingress gateway.

      export INGRESS_GW_ADDRESS=$(kubectl get svc -n gloo-mesh-gateways istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
    echo $INGRESS_GW_ADDRESS
      

    Note: Depending on your environment, you might see <pending> instead of an external IP address. For example, if you are testing locally in kind or minikube, or if you have insufficient permissions in your cloud platform, you can instead port-forward the service port of the ingress gateway:

      kubectl -n gloo-mesh-gateways port-forward deploy/istio-ingressgateway-1-23 8081
      

Configure HTTP buffer filter policies

You can apply an HTTP buffer filter policy at the route level. For more information, see Applying policies.

Review the following sample configuration file.

  apiVersion: trafficcontrol.policy.gloo.solo.io/v2
kind: HTTPBufferPolicy
metadata:
  name: buffer-filter
  namespace: httpbin
spec:
  applyToRoutes:
  - route:
      labels:
        route: httpbin
  config:
    maxRequestBytes: 16384
  

Review the following table to understand this configuration. For more information, see the API docs.

SettingDescription
spec.applyToRoutesUse labels to configure which routes to apply the policy to. This example label matches the app and route from the example route table that you apply separately. If omitted and you do not have another selector such as applyToDestinations, the policy applies to all routes in the workspace.
spec.config.maxRequestBytesSpecify the maximum size of the request body in bytes. Only requests with a body size that is smaller or equal to that size are accepted by the ingress gateway and forwarded to the workload in your cluster. If the request body size is larger than the specified size, the ingress gateway rejects the request with a 413 HTTP response code. Note that due to a known issue in Envoy, the gateway does not reject requests with a request body size that is smaller or equal to 16384 bytes (16 KB). For the policy to work properly, you must specify a maxRequestBytes value of 16384 or greater.

Verify HTTP buffer filter policies

  1. Create a file with a size of 16385 bytes.

      for ((i=1;i<=16*1024+1;i++)); do echo -n "1" >> output.txt; done;
      
  2. Send a POST request to the httpbin app and provide the file that you created as data input.


    Example output:

      ...
    * We are completely uploaded and fine
    * Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
    < HTTP/2 200 
    HTTP/2 200 
    < server: istio-envoy
    server: istio-envoy
    < date: Wed, 28 Dec 2022 19:23:15 GMT
    date: Wed, 28 Dec 2022 19:23:15 GMT
    < content-type: application/json
    content-type: application/json
    < content-length: 19192
    content-length: 19192
    ...
      
  3. Apply the HTTP buffer filter policy to the httpbin app in your cluster. Note that this example sets the maximum request body size to 16 KB. Due to a bug in Envoy, this is the minimum size that must be set in order for the policy to work.

      kubectl apply -f- <<EOF
    apiVersion: trafficcontrol.policy.gloo.solo.io/v2
    kind: HTTPBufferPolicy
    metadata:
      name: buffer-filter
      namespace: httpbin
    spec:
      applyToRoutes:
      - route:
          labels:
            route: httpbin
      config:
        maxRequestBytes: 16384
    EOF
      
  4. Send another POST request to the httpbin app and provide the data file that you created earlier. The request is now rejected with a 413 HTTP response code, because the size of the request body exceeds the maximumRequestBytes size that you specified in the HTTP buffer filter policy by 1 byte.

    Example output:

      ...
    * We are completely uploaded and fine
    * Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
    < HTTP/2 413 
    HTTP/2 413 
    < content-length: 17
    content-length: 17
    < content-type: text/plain
    content-type: text/plain
    ...
      

Cleanup

You can optionally remove the resources that you set up as part of this guide.
  kubectl delete httpbufferpolicy buffer-filter -n httpbin
rm output.txt