[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Large authorization header returning error 400


On Wed, Aug 29, 2018 at 3:12 AM, Audebert Bernard <bernard.audebert@xxxxxx> wrote:

The request work fine with Authorization header line of up to at least 5674 bytes but break with Authorization header of more than 6178 bytes with the following answer :

Here is an excert of the server-info page we have activated to ensure that the LimitRequestFieldSize was high enough (curently set at ~40k)


    129: LimitRequestBody 52428800
    130: LimitRequestFields 50
    131: LimitRequestFieldsize 40960
    132: LimitRequestLine 40960

These settings are global? Or did you restrict them to a named vhost? You don't give enough context here.

It is too late to limit them in a vhost, because the limits are applied during the reading of the request from network, before the host (other than first-physical ip:port host) has been deciphered.

Move these to the global config and it should be fine.