CGI Apache Directive: LimitRequestLine
CGI Apache Directive: LimitRequestLine
am 25.11.2009 10:11:34 von AMartucci
------_=_NextPart_001_01CA6DAF.4949B806
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi, I'm hoping that you can help me with an issue we have come across regar=
ding some new development we're doing around the use of CGI Apache web serv=
ices.
I work in the Systems department for Premier Farnell (Leeds), we had an in-=
house course a while back that was presented by Paul Tuohy.. this was inte=
nded to give us an insight into CGI Apache and what it could do for our bus=
iness... hence this email now.
Our problem is this... we want to provide a web service that will provide a=
real time data link between our AS400 and web sites... we have achieved th=
is without a problem using a url "get" request to the CGI Apache server on =
the AS400.
However, the problem we have stumbled onto is the maximum size of the query=
string that we can use... this is limited to 8190 bytes... I believe this =
is a "Directive" constraint in Apache called: LimitRequestLine
We understand that there isn't such a limit using a "post" request but befo=
re we re-develop everything we have done we wanted to make sure that there =
wasn't anything we could do to get around the constraint I have just mentio=
ned. We would be looking at a maximum size more in the region of 32k.
I'd be very grateful if you could me what the "correct" course of action sh=
ould be to resolve this problem please?
Regards, Andy.
> Andy Martucci
>=20
> GIS Back Office
Premier Farnell
> amartucci@premierfarnell.com
>=20
> T: +44 113 279 0101 (ext 4087)
> F: +44 113 279 9168
www.farnell.com
A Premier Farnell Company=20
***************************Disclaimer*********************** ****=20
The contents of this e-mail and any file transmitted with it are confidenti=
al and intended solely for the individual or entity to whom they are addres=
sed. The content may also contain legal, professional or other privileged =
information. If you received this e-mail in error, please destroy it immedi=
ately. You should not copy or use it for any purpose nor disclose its cont=
ents to any other person. The views stated herein do not necessarily repres=
ent the view of the Company. Please ensure you have adequate virus protecti=
on before you open or detach any documents from this transmission. The Comp=
any does not accept any liability for viruses.
Premier Farnell plc
150 Armley Road Leeds
LS12 2QQ
Telephone +44 (0) 870 129 8608
Fax +44 (0) 870 129 8610=20
Registered in England
Company Number 876412
Registered Office: Farnell House, Forge Lane, Leeds LS12 2NE **************=
**********************************************=20
------_=_NextPart_001_01CA6DAF.4949B806
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
1">
CGI Apache Directive: LimitRequestLine
Hi, I'm hoping that you can help me with a=
n issue we have come across regarding some new development we're doing arou=
nd the use of CGI Apache web services.
I work in the Systems department for Premi=
er Farnell (Leeds), we had an in-house course a while back that was present=
ed by Paul Tuohy.. this was intended to give us an insight into CGI A=
pache and what it could do for our business... hence this email now.=
Our problem is this... we want to provide =
a web service that will provide a real time data link between our AS400 and=
web sites... we have achieved this without a problem using a url "get=
" request to the CGI Apache server on the AS400.
However, the problem we have stumbled onto=
is the maximum size of the query string that we can use... this is limited=
to 8190 bytes... I believe this is a "Directive" constraint in A=
pache called: LimitRequestLine
We understand that there isn't such a limi=
t using a "post" request but before we re-develop everything we h=
ave done we wanted to make sure that there wasn't anything we could do to g=
et around the constraint I have just mentioned. We would be looking at a ma=
ximum size more in the region of 32k.
I'd be very grateful if you could me what =
the "correct" course of action should be to resolve this problem =
please?
Regards, Andy.
Andy Martucci
GIS Back Office
>
Premier Farnell
FONT>
=
amartucci@premierfarnell.com
T: +44 113 279 0101 (=
ext 4087)
F: +44 113 279 9168<=
/FONT>
>www.farnell.com
&nb=
sp; A Premier Farnell Company
FONT>
***************************Disclaimer*********************** ****
The contents of this e-mail and any file transmitted with it are confide=
ntial and intended solely for the individual or entity to whom they are add=
ressed. The content may also contain legal, professional or other pri=
vileged information. If you received this e-mail in error, please destroy i=
t immediately. You should not copy or use it for any purpose nor disc=
lose its contents to any other person. The views stated herein do not neces=
sarily represent the view of the Company.
Please ensure you have adequate virus protection before you open or deta=
ch any documents from this transmission. The Company does not accept any li=
ability for viruses.
Premier Farnell plc
150 Armley Road
Leeds
LS12 2QQ
Telephone=
+44 (0) 870 129 8608
Fax +44 (0) 870 129 8610
Registered in England
Company Number 876412
Registered Office: Far=
nell House, Forge Lane, Leeds LS12 2NE
************************************************************
=
------_=_NextPart_001_01CA6DAF.4949B806--
Re: CGI Apache Directive: LimitRequestLine
am 25.11.2009 10:22:33 von Philip Wigg
> However, the problem we have stumbled onto is the maximum size of the query
> string that we can use... this is limited to 8190 bytes... I believe this is
> a "Directive" constraint in Apache called: LimitRequestLine
>
> We understand that there isn't such a limit using a "post" request but
> before we re-develop everything we have done we wanted to make sure that
> there wasn't anything we could do to get around the constraint I have just
> mentioned. We would be looking at a maximum size more in the region of 32k.
8190 bytes is the default but you increase it by specifying a larger
limit in your httpd.conf. Putting something like:-
LimitRequestLine 32768
should do it if that's all the problem is.
Cheers,
Phil.
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: CGI Apache Directive: LimitRequestLine
am 25.11.2009 10:28:07 von AMartucci
Hi Phil
Alas that isn't possible... there is a constraint in Apache that limits thi=
s to 8190... see following help text from Apache:
Maximum request line: allows you to reduce the limit on the allowed size of=
a client's HTTP request-line below the normal input buffer size compiled w=
ith the server. Since the request-line consists of the HTTP method, URI, an=
d protocol version, this option restricts the length of the request-URI. A =
server needs this value to be large enough to hold any of its resource name=
s, including any information that might be passed in the QUERY_STRING part =
of a GET request. This option gives the server administrator greater contro=
l over abnormal client request behavior, which may be useful for avoiding s=
ome forms of denial-of-service attacks. Under normal conditions, the value =
should not be changed from the default. Valid values include integers betwe=
en 0 and 8190. The first drop-down menu specifies units of memory. The seco=
nd drop-down menu provides the options:=20
Default: places 8190 in the edit field and "Bytes" in the first drop-down m=
enu.=20
Maximum: places 8190 in the edit field and "Bytes" in the first drop-down m=
enu.
This field is optional. Directive: LimitRequestLine
Regards, Andy.
-----Original Message-----
From: Philip Wigg [mailto:phil@philipwigg.co.uk]
Sent: 25 November 2009 09:23
To: users@httpd.apache.org
Subject: Re: [users@httpd] CGI Apache Directive: LimitRequestLine
> However, the problem we have stumbled onto is the maximum size of the que=
ry
> string that we can use... this is limited to 8190 bytes... I believe this=
is
> a "Directive" constraint in Apache called: LimitRequestLine
>
> We understand that there isn't such a limit using a "post" request but
> before we re-develop everything we have done we wanted to make sure that
> there wasn't anything we could do to get around the constraint I have just
> mentioned. We would be looking at a maximum size more in the region of 32=
k.
8190 bytes is the default but you increase it by specifying a larger
limit in your httpd.conf. Putting something like:-
LimitRequestLine 32768
should do it if that's all the problem is.
Cheers,
Phil.
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Click on the link below to report this email as spam.
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=== 20
***************************Disclaimer*********************** ****=20
The contents of this e-mail and any file transmitted with it are confidenti=
al and intended solely for the individual or entity to whom they are addres=
sed. The content may also contain legal, professional or other privileged =
information. If you received this e-mail in error, please destroy it immedi=
ately. You should not copy or use it for any purpose nor disclose its cont=
ents to any other person. The views stated herein do not necessarily repres=
ent the view of the Company. Please ensure you have adequate virus protecti=
on before you open or detach any documents from this transmission. The Comp=
any does not accept any liability for viruses.
Premier Farnell plc
150 Armley Road Leeds
LS12 2QQ
Telephone +44 (0) 870 129 8608
Fax +44 (0) 870 129 8610=20
Registered in England
Company Number 876412
Registered Office: Farnell House, Forge Lane, Leeds LS12 2NE **************=
**********************************************=20
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: CGI Apache Directive: LimitRequestLine
am 25.11.2009 10:38:44 von Philip Wigg
> Alas that isn't possible... there is a constraint in Apache that limits this to 8190... see following help text from Apache:
> Default: places 8190 in the edit field and "Bytes" in the first drop-down menu.
> Maximum: places 8190 in the edit field and "Bytes" in the first drop-down menu.
Talk of drop-down menus confuses me, I don't think this text is from
the Apache Software Foundation. Are you using the IBM HTTP Server or
similar?
You can certainly increase LimitRequestLine in Apache 2.2:-
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestl ine
but I think you're probably using some repackaged version of 1.3 which
does have a compiled in limit as you describe. If so I can't think of
any way to increase it.
Cheers,
Phil.
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: CGI Apache Directive: LimitRequestLine
am 25.11.2009 10:42:45 von AMartucci
Sorry, yes that snippet was taken from the Server... Directive.
OK then I can certainly look into what you have said, I had thought we were=
on the latest version but maybe we aren't.
When I've spoken to our Ops team I'll get back to you.
Many thanks for taking the time to respond, very much appreciated.
Regards, Andy.
-----Original Message-----
From: Philip Wigg [mailto:phil@philipwigg.co.uk]
Sent: 25 November 2009 09:39
To: users@httpd.apache.org
Subject: Re: [users@httpd] CGI Apache Directive: LimitRequestLine
> Alas that isn't possible... there is a constraint in Apache that limits t=
his to 8190... see following help text from Apache:
> Default: places 8190 in the edit field and "Bytes" in the first drop-down=
menu.
> Maximum: places 8190 in the edit field and "Bytes" in the first drop-down=
menu.
Talk of drop-down menus confuses me, I don't think this text is from
the Apache Software Foundation. Are you using the IBM HTTP Server or
similar?
You can certainly increase LimitRequestLine in Apache 2.2:-
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestl ine
but I think you're probably using some repackaged version of 1.3 which
does have a compiled in limit as you describe. If so I can't think of
any way to increase it.
Cheers,
Phil.
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Click on the link below to report this email as spam.
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=== 20
***************************Disclaimer*********************** ****=20
The contents of this e-mail and any file transmitted with it are confidenti=
al and intended solely for the individual or entity to whom they are addres=
sed. The content may also contain legal, professional or other privileged =
information. If you received this e-mail in error, please destroy it immedi=
ately. You should not copy or use it for any purpose nor disclose its cont=
ents to any other person. The views stated herein do not necessarily repres=
ent the view of the Company. Please ensure you have adequate virus protecti=
on before you open or detach any documents from this transmission. The Comp=
any does not accept any liability for viruses.
Premier Farnell plc
150 Armley Road Leeds
LS12 2QQ
Telephone +44 (0) 870 129 8608
Fax +44 (0) 870 129 8610=20
Registered in England
Company Number 876412
Registered Office: Farnell House, Forge Lane, Leeds LS12 2NE **************=
**********************************************=20
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: CGI Apache Directive: LimitRequestLine
am 25.11.2009 11:18:49 von AMartucci
I've been reliably informed that 8190 bytes is the maximum size available f=
or the get method and anything over this should be done using the post meth=
od.
Thanks to all that took the time to look at this for me.
Regards, Andy.
-----Original Message-----
From: Philip Wigg [mailto:phil@philipwigg.co.uk]
Sent: 25 November 2009 09:39
To: users@httpd.apache.org
Subject: Re: [users@httpd] CGI Apache Directive: LimitRequestLine
> Alas that isn't possible... there is a constraint in Apache that limits t=
his to 8190... see following help text from Apache:
> Default: places 8190 in the edit field and "Bytes" in the first drop-down=
menu.
> Maximum: places 8190 in the edit field and "Bytes" in the first drop-down=
menu.
Talk of drop-down menus confuses me, I don't think this text is from
the Apache Software Foundation. Are you using the IBM HTTP Server or
similar?
You can certainly increase LimitRequestLine in Apache 2.2:-
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestl ine
but I think you're probably using some repackaged version of 1.3 which
does have a compiled in limit as you describe. If so I can't think of
any way to increase it.
Cheers,
Phil.
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Click on the link below to report this email as spam.
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=== 20
***************************Disclaimer*********************** ****=20
The contents of this e-mail and any file transmitted with it are confidenti=
al and intended solely for the individual or entity to whom they are addres=
sed. The content may also contain legal, professional or other privileged =
information. If you received this e-mail in error, please destroy it immedi=
ately. You should not copy or use it for any purpose nor disclose its cont=
ents to any other person. The views stated herein do not necessarily repres=
ent the view of the Company. Please ensure you have adequate virus protecti=
on before you open or detach any documents from this transmission. The Comp=
any does not accept any liability for viruses.
Premier Farnell plc
150 Armley Road Leeds
LS12 2QQ
Telephone +44 (0) 870 129 8608
Fax +44 (0) 870 129 8610=20
Registered in England
Company Number 876412
Registered Office: Farnell House, Forge Lane, Leeds LS12 2NE **************=
**********************************************=20
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: CGI Apache Directive: LimitRequestLine
am 25.11.2009 11:39:48 von Nick Kew
On 25 Nov 2009, at 10:18, Martucci, Andy wrote:
> I've been reliably informed that 8190 bytes is the maximum size available for the get method and anything over this should be done using the post method.
IIRC the HTTP spec limits it to 2kb, so you can't rely on any agent (server, browser
or proxy) allowing you more than that.
If you want apache to support longer lines (subject to all other agents you use also
doing so), build it with your selected value in include/httpd.h, where the limit is defined.
But the need to do any such thing smells of a design defect in your application
(and how do you deal with logging these huge requests - 8K log for a single
request)?
--
Nick Kew
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: CGI Apache Directive: LimitRequestLine
am 25.11.2009 15:59:28 von Hendrik Schmieder
Nick Kew schrieb:
> On 25 Nov 2009, at 10:18, Martucci, Andy wrote:
>
>> I've been reliably informed that 8190 bytes is the maximum size available for the get method and anything over this should be done using the post method.
>
> IIRC the HTTP spec limits it to 2kb, so you can't rely on any agent (server, browser
> or proxy) allowing you more than that.
>
> If you want apache to support longer lines (subject to all other agents you use also
> doing so), build it with your selected value in include/httpd.h, where the limit is defined.
>
> But the need to do any such thing smells of a design defect in your application
> (and how do you deal with logging these huge requests - 8K log for a single
> request)?
>
Do you know the rfc number for 'HTTP spec limits it to 2kb' ?.
I can't find such a statement in rfc2616.
Hendrik
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: CGI Apache Directive: LimitRequestLine
am 25.11.2009 16:17:28 von Nick Kew
Hendrik Schmieder wrote:
> Do you know the rfc number for 'HTTP spec limits it to 2kb' ?.
I said IIRC, and it's a memory from a long time ago - pre-rfc2616.
It may no longer be valid, but it was standard advice in the early
days: don't make GET requests bigger than 2k.
Of course, no standard limits the size. It just says (said)
that an implementation should not impose a lower limit.
The rest of what I said stands: if someone presents me with
a system where an 8k limit is a problem, my reaction is to
question the design decisions that led to it.
--
Nick Kew
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org