Re: Large authorization header returning error 400

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Aug 29, 2018 at 3:12 AM, Audebert Bernard <bernard.audebert@xxxxxx> wrote:

The request work fine with Authorization header line of up to at least 5674 bytes but break with Authorization header of more than 6178 bytes with the following answer :

Here is an excert of the server-info page we have activated to ensure that the LimitRequestFieldSize was high enough (curently set at ~40k)


    129: LimitRequestBody 52428800
    130: LimitRequestFields 50
    131: LimitRequestFieldsize 40960
    132: LimitRequestLine 40960

These settings are global? Or did you restrict them to a named vhost? You don't give enough context here.

It is too late to limit them in a vhost, because the limits are applied during the reading of the request from network, before the host (other than first-physical ip:port host) has been deciphered.

Move these to the global config and it should be fine.
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux