Does apache have a limit to cookie size

apache-2.2cookies

A application bug caused us to set a cookie that's too large.

Clients get an error that happens prior to our application being executed (mod_python).

Are there any adjustable limits within apache for how large a cookie header can be ?

Within apache error logs, I'm seeing: request failed: error reading the headers

Best Answer

See the LimitRequestLine directive in Apache's configuration. The default is 8190 so anything bigger than that has the potential to cause problems.

This directive sets the number of bytes that will be allowed on the HTTP request-line.

The LimitRequestLine directive allows the server administrator to reduce or increase the limit on the allowed size of a client's HTTP request-line. Since the request-line consists of the HTTP method, URI, and protocol version, the LimitRequestLine directive places a restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that might be passed in the query part of a GET request.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

I believe this is the limit of the sum of all cookies on a web page and not just an individual cookie (not positive on that though). But all the cookies for a website are transmitted using the a single request header, so if enough cookies are on a webpage and the sum exceeds the value of the LimitRequestLine directive, there will be problems.

Related Solutions

PHP/Apache POST limit

Why don't you double check the size of the POST request. For example, you can use netcat to listen on 8080.

netcat -l -p 8080

Then, redirect your browser to use a proxy on port 8080 just before submitting the form. You should get something like this:

POST http://example.com/path/to/my/wiki/index.php HTTP/1.1
Host: example.com
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 217

The most important line is Content-Length and just double check the actual length of the content. That will at least help you to determine where things are going wrong. You will at least have an idea of the actual content size.

Then, ensure that you are directly connecting to Apache and not through either a proxy or a reverse-proxy. Some reverse-proxies place a cap on the maximum size of a request as a sort of security measure. So, you may want to check that as well as your Apache logs to ensure that nothing else is going on.

Web-server – How to automatically restart Apache service after HTTP 503 error

you should really fix the problem, but you could run something like this for a temp solution:

#!/bin/sh                                                                                                            
HTTP_STATUS=`lynx -head -source http://mysite.com |head -1 |awk '{print $2}'`                             
if [ "$HTTP_STATUS" = "503" ]                                                                                       
then                                                                                                                 
        /etc/init.d/http restart                                                                                   
fi

Best Answer

Related Solutions

PHP/Apache POST limit

Web-server – How to automatically restart Apache service after HTTP 503 error

Related Topic