stackoom
  简体   繁体   中英

Can we increase http header size beyond 64kb in Windows

 原文  2021-02-10 12:45:05       asp.net/ windows/ http/ owin/ http.sys

Question

I have a situation where the HTTP Authorization request header size is more than 64kb (approximately 90kb) for a particular user. The reason for large size is because the header contains a bearer token, and the user who has initiated the http request has lot of claims.

The problem is for this particular user the web server always returns an error stating:

"HTTP Error 400. The size of the request headers is too long".

The web application is self hosted in a console application using Microsoft owin , so iis is not involved.

While looking into the issue, I came across the following document . It denotes the maximum value for MaxFieldLength is 64kb which denotes the maximum header length handled by http.sys, and my server is set to the maximum value i,e 65,536.

I tried increasing the value further to 131,072 out of curiosity but as expected it did not solve the issue.

So is there any other way to increase the header maximum length?

2 answers

solution1
 0  2021-02-21 04:59:00

I encountered this and solved it by just increasing the limits set in registry. (open command and type regedit).

You were right to modify MaxFieldLength , however, you also have to modify MaxRequestBytes as it is stated in the documentation :

Workaround 2: Set MaxFieldLength and MaxRequestBytes registry entries:

By default, there is no MaxFieldLength registry entry. This entry specifies the maximum size limit of each HTTP request header. The MaxRequestBytes registry entry specifies the upper limit for the total size of the Request line and the headers. Typically, this registry entry is configured together with the MaxRequestBytes registry entry.

If the MaxRequestBytes value is lower than the MaxFieldLength value, the MaxFieldLength value is adjusted . In large Active Directory environments, users may experience logon failures if the values for both these entries aren't set to a sufficiently high value.

You will have to add/modify these entries in:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

For IIS 6.0 and later, the MaxFieldLength and MaxRequestBytes registry keys are located at the following sub key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

solution2
 0 ACCPTED  2021-03-12 14:14:54

After realizing that there is no possible solution from http.sys server on increasing the size limit beyond the stated maximum, the following solution has been implemented to overcome the problem in hand.

Disclaimer: It is more of a workaround than a proper solution.

Create a new version (v2, because these are breaking changes) of existing controllers with following changes:

  • Convert every GET request into a POST request and pass any applicable query parameters as key value pairs in request body.
  • Add an additional key "access_token" in each request body with value of bearer token for handling authorization. Ignored for unprotected end points.
  • Update documentation and inform all the end users about the changes done with lucid examples.
  • Decorate old version with "Deprecated" tag.

solution3
 -1  2021-02-19 20:42:46

I have a situation where the HTTP Authorization request header size is more than 64kb (approximately 90kb) for a particular user. The reason for large size is because the header contains a bearer token, and the user who has initiated the http request has lot of claims.

The problem is for this particular user the web server always returns an error stating:

"HTTP Error 400. The size of the request headers is too long".

The web application is self hosted in a console application using Microsoft owin , so iis is not involved.

While looking into the issue, I came across the following document . It denotes the maximum value for MaxFieldLength is 64kb which denotes the maximum header length handled by http.sys, and my server is set to the maximum value i,e 65,536.

I tried increasing the value further to 131,072 out of curiosity but as expected it did not solve the issue.

So is there any other way to increase the header maximum length?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Maximum default POST request size of IIS 7 - how to increase 64kB/65kB limit? Increase maximum size of POST or PUT request to Kentico REST services over 64KB How to view the web server http response size in KB? how can we increase or decrese the size of div on btn click in asp.net? how can we increase or decrease the size of div on btn click in asp.net? How to Increase item size in Http Post Trying to increase the default stack size of IIS on Windows Server 2008 File Size column with kb in sharepoint how should we validate http header referrer in aspx .net Can we create custom HTTP Status codes?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM