How to fix "HTTP Error 400. The size of the request headers is too long" error from azure cloud services?

Question

We are doing a load/performance test on our Azure cloud service, where we hosted Web APIs. After a certain number of calls (say 500), cloud service is giving bad request error.

We have built web APIs in c# using web role and hosted them in Azure cloud service. I went through a few articles/forums and tried a couple of options as mentioned below: 1. Tried increasing cloud service VM instance size. 2. Tried increasing 'maxAllowedContentLength' value to 52428800. 3. Tried increasing 'maxRequestLength' value from 5120 to 16240. 4. Used VS Diagnostic tool to check if the issue is because of memory leak. None of them worked.

After hitting endpoint for around 450 - 500 times, this error comes only comes from the endpoints which involve communication to subsystems. This error is not reproducible locally. To come out of this problem, either we have to redeploy the cloud service or restart the cloud service. Ideally, cloud service should work until it's resource consumption reaches 100%. But getting below error after every approx 500 calls with max 10 - 15% resource utilization.

<HTML>
<HEAD>
<TITLE>Bad Request</TITLE> 
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii">
</HEAD> 
<BODY>
<h2>Bad Request - Request Too Long</h2> 
<hr><p>HTTP Error 400. The size of the request headers is too long.</p> 
</BODY>
</HTML>

Answer 1

For Me I Spent days looking into the issue. Reading blobs and solutions, cleared cache, set max limit of header size to a bigger number, nothing worked. Eventually it would fail.

This issue did not occur if i redploy my application but over a period of time this would start coming up,which made me realize it might be adding in memory.

I was calling another API from my project where we created the request and sent it and got the data.

 public async Task<DataList> GeDataList()
        {
            Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", await _tokenProvider.GetBearerToken());

            Client.DefaultRequestHeaders.Add("X-CorrelationId", Guid.NewGuid().ToString());

            var requestMessage = new HttpRequestMessage()
            {
                Method = HttpMethod.Post,
                RequestUri = new Uri($"{Config.apiurl}{string.Format(Config.id, id2 == null ? id1 : id2)}")
            };
            requestMessage.Headers.Add(Constants.TRACE_HEADER, "true");
            requestMessage.Headers.Add(Constants.SUBSCRIPTION_KEY_HEADER, Config.APIKey);
            requestMessage.Content = new StringContent(JsonConvert.SerializeObject(requestdata), null, "application/json");
 ...................................
 ...................................
 ................................... 
}

Now this was the culprit Key

 Client.DefaultRequestHeaders.Add("X-CorrelationId", Guid.NewGuid().ToString());

Without even seeing it, this Client was a class Level variable of HttpClient. Creating a single instance of HttpClient is okay, but you have to realize that

.Add Header method, always appends to a key and does not override. Many people assume it to be key value.It is actually key and aaray of values. So each requests keeps on adding the correlation Id as new object to the array. And eventually this becomes a large amount of header

Fix: You can clear the key first

if(Client.DefaultRequestHeaders.Contains("X-CorrelationId")) {
    Client.DefaultRequestHeaders.Remove("X-CorrelationId");
}
Client.DefaultRequestHeaders.Add("X-CorrelationId", Guid.NewGuid().ToString());

You would still need to handle the conquerency issues because multiple conquerent request might update and override your headers.

Answer 2

It's not so easy to answer the question 'what's gone wrong here?' when you're presented with a 400 error. It means that the request itself has somehow become defective. The internet protocol HTTP hasn't been correctly adhered to (at least according to the webserver), which is why the request cannot be processed. The server has interpreted the request as faulty or even harmful. Therefore, it prevents the website from being properly displayed. The reasons for the error report are usually related to the browser used or a user error.

I ncorrect URL: Just like the 404 error, a bad request is generated if users enter the internet address incorrectly or, for example, insert special characters that aren't allowed.

Incorrect cookies: If the cookies in your browser are outdated or incorrect, this is another reason that an error 400 might occur. Outdated DNS records: Your DNS cache might contain data that links to incorrect IP addresses.

Files too large: If you try to upload particularly large files, the server can refuse to accept them. The server classifies this as a 'Bad Request'. Header too long: When communicating, the client and server use the header to define the request. Some webservers set an upper limit for the length of headers. It's not immediately obvious what the communication problem is when you're presented with the error message 'HTTP 400 Bad Request'. However, if the target webserver uses IIS 7.0, IIS 7.5, or IIS 8.0, more detailed information can be obtained from the status code:

• 400.1: Invalid Destination Header
• 400.2: Invalid Depth Header
• 400.3: Invalid If Header
• 400.4: Invalid Overwrite Header
• 400.5: Invalid Translate Header
• 400.6: Invalid Request Body
• 400.7: Invalid Content Length
• 400.8: Invalid Timeout
• 400.9: Invalid Lock Token

Error can be cause from any of the above reason. Hope it helps.

Answer 3

Deleting all cookies in my browser fixed the issue for me.