IBM Support

Request Header Field Size Exceeds Limit for Web server

Troubleshooting


Problem

Request to IBM HTTP Server fails with Response code 400.

Symptom

Response from the browser could be shown like this:
Bad Request
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

IBM HTTP Server Error.log shows the following message:
"request failed: error reading the headers"

Cause

This is normally caused by having a very large Cookie, so a request header field exceeded the limit set for Web Server.
For IBM® HTTP Server, this limit is set by LimitRequestFieldSize directive (default 8K). The LimitRequestFieldSize directive allows the Web server administrator to reduce or increase the limit on the allowed size of an HTTP request header field.
SPNEGO authentication headers can be up to 12392 bytes. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

Diagnosing The Problem

To assist with diagnose of the problem you can add the following to the LogFormat directive in the httpd.conf:
error-note: %{error-notes}n

Resolving The Problem

Increase the value for the directive LimitRequestFieldSize in the httpd.conf:

LimitRequestFieldSize 12288 or 16384

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"Base Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF035","label":"z\/OS"},{"code":"PF012","label":"IBM i"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0","Edition":""}]

Document Information

Modified date:
15 June 2018

UID

swg21384722