How to change the LimitRequestFieldSize in Apache 2.4.2

This issue can be solved by updating the directive LimitRequestFieldSize either in the Apache httpd.conf or in the virtual hosts.

How to add the prop in the virtual host

<VirtualHost 10.10.50.50:80>
    ServerName www.mysite.com
    
    LimitRequestFieldSize 16384
    
    RewriteEngine On
    ...
    ...
</VirtualHost>

How to add it in the httpd.conf, which is inside apache2/conf/httpd.conf

LimitRequestFieldSize 16384

But even after doing this I am still getting a bad request error.


In the end I solved it simply by adding LimitRequestFieldSize 500000 to the file httpd-default.conf.


What you just did is open the door to a DoS attack.

Take a look at the LimitRequestFieldSize directive in the Apache documentation:

Quoting from that source:

This directive specifies the number of bytes that will be allowed in an HTTP request header.

The LimitRequestFieldSize directive allows the server administrator to set the limit on the allowed size of an HTTP request header field. A server needs this value to be large enough to hold any one header field from a normal client request. The size of a normal request header field will vary greatly among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation. SPNEGO authentication headers can be up to 12392 bytes.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

The documentation also specifies that the context of that directive is server config (which means server-wide) and virtual host (you can apply this directive on a per-vhost basis).

In addition, you do not mention what your OS is. In case it's Linux (which I'm more familiar with):

  • The configuration file, httpd.conf, is found in /etc/httpd/conf/httpd.conf (RHEL, CentOS, Fedora, Scientific Linux).

  • In Debian, and derivatives like Ubuntu (I don't think that is the case here, but I am mentioning it anyway just for the record), the configuration file is apache2.conf and can be found in /etc/apache2/apache2.conf.

Hope it helps.

And last but not least, you may want to check out the Unix and Linux Q&A here in StackExchange for questions like this (assuming Linux or other *Nix OS). You may have better luck at getting an answer.
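
An added example, not part of the posts above and not Apache's own tooling: a small Python audit that resolves the effective LimitRequestFieldSize for the server config and each virtual host, and estimates the upper bound of header bytes a single request may occupy (field size times LimitRequestFields). The defaults 8190 and 100 are Apache's documented defaults; the 16384 review threshold, the 10.10.50.51 vhost and the rule that a vhost inherits the server-wide value when it sets none are assumptions of this example.

```python
import re

DEFAULT_FIELD_SIZE = 8190  # Apache default for LimitRequestFieldSize
DEFAULT_FIELDS = 100       # Apache default for LimitRequestFields (0 = unlimited)
REVIEW_THRESHOLD = 16384   # assumption: covers the 12392-byte SPNEGO case quoted above

DIRECTIVE = re.compile(r"^\s*(LimitRequestFieldSize|LimitRequestFields)\s+(\d+)\s*$", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)

# Constructed sample: the values discussed on this page, plus one made-up vhost.
SAMPLE_CONF = """\
LimitRequestFieldSize 500000
<VirtualHost 10.10.50.50:80>
    ServerName www.mysite.com
    LimitRequestFieldSize 16384
</VirtualHost>
<VirtualHost 10.10.50.51:80>
    ServerName other.example
</VirtualHost>
"""

def audit(conf_text, threshold=REVIEW_THRESHOLD):
    """Return one finding per scope: the server config and each <VirtualHost>."""
    scopes, current = {"server": {}}, "server"
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # Apache comments are whole lines starting with '#'
        opened, setting = VHOST_OPEN.match(line), DIRECTIVE.match(line)
        if opened:
            current = "vhost " + opened.group(1).strip()
            scopes[current] = {}
        elif VHOST_CLOSE.match(line):
            current = "server"
        elif setting:
            scopes[current][setting.group(1).lower()] = int(setting.group(2))
    findings = []
    for name, own in scopes.items():
        merged = {**scopes["server"], **own}  # assumed: unset vhost values inherit
        size = merged.get("limitrequestfieldsize", DEFAULT_FIELD_SIZE)
        fields = merged.get("limitrequestfields", DEFAULT_FIELDS)
        findings.append({
            "scope": name,
            "field_size": size,
            # Upper bound on header bytes one request may make the server hold.
            "max_header_bytes": size * fields if fields else None,
            "flagged": size > threshold or fields == 0,
        })
    return findings
```

On the sample, the server-wide 500000 yields a 50,000,000-byte bound per request and is flagged, while the vhost pinned to 16384 stays at 1,638,400 bytes and is not.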