On 06/11/2018 00:02, Amit Pande wrote: > Thanks Mark for the update. Seems like there is a potential bug in our client > components which happened to keep on adding to existing header list. > > https://tomcat.apache.org/tomcat-8.5-doc/config/http.html > > From the documentation: > > maxHttpHeaderSize :The maximum size of the request and response HTTP header, > specified in bytes. If not specified, this attribute is set to 8192 (8 KB). > > Although some online searches (e.g. > https://serverfault.com/questions/56691/whats-the-maximum-url-length-in-tomcat) > suggest that this maxHttpHeaderSize applies to request line as well, could > the documentation be made more elaborate? > > Can we mention that this attribute puts the upper bound on combined size of > all request headers and the request line?
Sure. Patch / pull request welcome. Mark > > Thanks, > Amit > > On 11/3/18, 4:39 AM, "Mark Thomas" <ma...@apache.org> wrote: > > On 03/11/2018 01:35, Amit Pande wrote: > > Thanks Chris. Yes, I will soon send out the patch for review. > > Logically, I can see some hurdles for such a patch that are going to be > difficult to overcome. > > Tomcat will process all of the received data up to the limit. It is on > the subsequent read to get more data that the exception is thrown. > > The issue is how to determine which header is actually the problem as it > may not be the one currently being read. > > Consider the following: > > ReqLine - 1024 bytes > Headers - 5 * 128 bytes > Header - 1 * 6*1024 bytes > Headers - 5 * 128 bytes > > Is the problem the 6k header? The 1k request line? Has the client > duplicated the block of 5 128 byte headers? Or is the request valid and > Tomcat's limit too low? > > There is no way for Tomcat to determine where the root cause lies. The > only reliable way to figure out what went wrong is for a knowledgeable > system admin to look at the complete set of headers. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org