When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked as an error state by mod_cluster in httpd. The problem is that requests exceeding the max-header-size cause JBoss EAP to close the TCP connection without returning an AJP response. A malicious user could exploit this behavior by repeatedly sending requests that exceed the max-header-size, it causes a denial-of-service attack. This is because mod_proxy_cluster marks JBoss instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding.