IBM Support

Request Header Field Size Exceeds Limit for Web server



Request to IBM HTTP Server fails with Response code 400.


Response from the browser could be shown like this:
Bad Request
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

IBM HTTP Server Error.log shows the following message:
"request failed: error reading the headers"


This is normally caused by having a very large Cookie, so a request header field exceeded the limit set for Web Server.
For IBM® HTTP Server, this limit is set by LimitRequestFieldSize directive (default 8K). The LimitRequestFieldSize directive allows the Web server administrator to reduce or increase the limit on the allowed size of an HTTP request header field.
SPNEGO authentication headers can be up to 12392 bytes. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

Diagnosing The Problem

To assist with diagnose of the problem you can add the following to the LogFormat directive in the httpd.conf:
error-note: %{error-notes}n

Resolving The Problem

Increase the value for the directive LimitRequestFieldSize in the httpd.conf:

LimitRequestFieldSize 12288 or 16384

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Base Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF035","label":"z\/OS"},{"code":"PF012","label":"IBM i"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022