Hi! We have a web application hosted on a Debian 10 server running httpd version 2.4.28. Recently we activated kerberos authentication on it using the auth_kerb module. That resulted in some of our users being unable to login to it. They receive errros "Bad request: Your browser send a request this server could not understand. Size of Request header field exceeds limit". We initially tried to fix that by setting the LimitRequestFieldSize configuration setting and asking the users to clear their cookies and browser caches. That seems to have solved the problem for some, but not for all of them. So we increased the value several times, and have now reached LimitRequestFieldSize 33554432. Looking at the documentation and the default value, that seems to be gigantic for me. However we still have user not being able to login. So I am wondering we are still on the right track by increasing that limit again and again. So far however I didn't find any other solutions or even hints and am wondering how to continue with that topic... Is it possible that this error is caused by something else? Or it it possible to log the size of the headers in use? Or can I check, if that setting is actually used? I set in the main apache configuration file. It is not overwritten in any virtual host or other settings. Enabling debugg level logs also didn't helped me much. I don't know what I am looking for. Best regards, Alexander --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|