[users@httpd] "Size of Request header field exceeds limit" despite changed limits - how to debugg further?
Hi! * Alexander Reichle-Schmehl [220315 14:34]: > We initially tried to fix that by setting the LimitRequestFieldSize > configuration setting and asking the users to clear their cookies and > browser caches. That seems to have solved the problem for some, but not > for all of them. So we increased the value several times, and have now > reached LimitRequestFieldSize 33554432. Looking at the documentation > and the default value, that seems to be gigantic for me. Okay, apparently I should have read the documentation more carefully. We tried to set this in the global server configuration, and misread this warning in the documentation [1]: = When name-based virtual hosting is used, the value for this directive is taken from the default (first-listed) virtual host best matching the current IP address and port combination. = We do use virtual hosts, hence the global setting was ignored. The "users" we seemed to have fixed by this, had probaly just some broken cookies, and got access by cleaning them. Moving the LimitRequestFieldSize setting to the virtual host solved the problem. Best regards, Alexander Links: 1: https://httpd.apache.org/docs/2.4/en/mod/core.html#limitrequestfieldsize - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] "Size of Request header field exceeds limit" despite changed limits - how to debugg further?
Hi! We have a web application hosted on a Debian 10 server running httpd version 2.4.28. Recently we activated kerberos authentication on it using the auth_kerb module. That resulted in some of our users being unable to login to it. They receive errros "Bad request: Your browser send a request this server could not understand. Size of Request header field exceeds limit". We initially tried to fix that by setting the LimitRequestFieldSize configuration setting and asking the users to clear their cookies and browser caches. That seems to have solved the problem for some, but not for all of them. So we increased the value several times, and have now reached LimitRequestFieldSize 33554432. Looking at the documentation and the default value, that seems to be gigantic for me. However we still have user not being able to login. So I am wondering we are still on the right track by increasing that limit again and again. So far however I didn't find any other solutions or even hints and am wondering how to continue with that topic... Is it possible that this error is caused by something else? Or it it possible to log the size of the headers in use? Or can I check, if that setting is actually used? I set in the main apache configuration file. It is not overwritten in any virtual host or other settings. Enabling debugg level logs also didn't helped me much. I don't know what I am looking for. Best regards, Alexander - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org