Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Size of the request headers is too long

Tags:

asp.net

I'm currently working on an ASP.NET MVC website and it works fine.

But I have a problem that I don't understand at all... When I launch my website on Visual Studio with Chrome for example no problem, but when I stop it and try to launch an other test with Firefox for example, my url is growing and then I get this error :

HTTP 400. The size of the request headers is too long.

Can someone explain me why this is happening ? Is it something with my code or does it come from IIS express or anything else ?

Thanks in advance

like image 819
MrPixel6 Avatar asked May 09 '16 09:05

MrPixel6


People also ask

How do I fix the request header size is too long?

The “Bad Request – Request Too Long” error is exclusive to browsers. The typical solution is to clear the cache and cookies in your browser.

What does it mean when a request header field is too long?

The size of the request headers is too long. This usually means that you have one or more cookies that have grown too big. Visit https://support.microsoft.com and - assuming the site opens normally - click on the padlock at the left-hand end of the address bar to open the site info pop-up.

How do I fix bad headers too long in Chrome?

1) Go to chrome://settings/cookies, or manually go to Settings->Advanced Settings->Privacy->Content->All Cookies and Site data). From there, you can search for cookies that match the Clarity URL you are having problems on. Finally, click "remove all" for the matching cookies.


3 Answers

You can probably increase the size of requests your webserver will allow. However, take a look at the amount and the size of cookies your browser are sending to the server. Clear your cookies and try again, and see if you can reduce the size and amount of cookies your app is using. The less, the better! Mobile browsers can get these errors, as they don't allow the same size as do desktop browsers(?).

The error can also mean the query string is getting too large.

like image 64
cederlof Avatar answered Oct 08 '22 22:10

cederlof


Check the MSDN:

Cause

This issue may occur when the user is a member of many Active Directory user groups. When a user is a member of a large number of active directory groups the Kerberos authentication token for the user increases in size. The HTTP request that the user sends to the IIS server contains the Kerberos token in the WWW-Authenticate header, and the header size increases as the number of groups goes up. If the HTTP header or packet size increases past the limits configured in IIS, IIS may reject the request and send this error as the response.

Resolution

To work around this problem, choose one of the following options:

A) Decrease the number of Active Directory groups that the user is a member of.

OR

B) Modify the MaxFieldLength and the MaxRequestBytes registry settings on the IIS server so the user's request headers are not considered too long. To determine the appropriate settings for the MaxFieldLength and the MaxRequestBytes registry entries, use the following calculations:

  1. Calculate the size of the user's Kerberos token using the formula described in the following article:

    New resolution for problems with Kerberos authentication when users belong to many groups http://support.microsoft.com/kb/327825

  2. Configure the MaxFieldLength and the MaxRequestBytes registry keys on the IIS server with a value of 4/3 * T, where T is the user's token size, in bytes. HTTP encodes the Kerberos token using base64 encoding and therefore replaces every 3 bytes in the token with 4 base64 encoded bytes. Changes that are made to the registry will not take effect until you restart the HTTP service. Additionally, you may have to restart any related IIS services.

like image 43
Rahul Tripathi Avatar answered Oct 08 '22 20:10

Rahul Tripathi


.NET MVC SOLUTION FOR ME In my case, it was my claims that was multiplying my session cookies to look as below in my browser cookies:

.AspNet.ApplicationCookie
.AspNet.ApplicationCookieC1
.AspNet.ApplicationCookieC2
.AspNet.ApplicationCookieC3
.AspNet.ApplicationCookieC4
.AspNet.ApplicationCookieC5
.AspNet.ApplicationCookieC6
.AspNet.ApplicationCookieC7
__RequestVerificationToken

I simply went to aspNetUserClaims table in my mssql management studio and cleared it. Then cleared the browser cookie for the project.

Refreshed the page. Kalas!!! Done!! I believe it happened because I was switching from one database connectionstring to another which caused the claimsManager to recreate session and add to my cookie. On saturation, everyting exploded.

like image 9
Ifeanyi Chukwu Avatar answered Oct 08 '22 22:10

Ifeanyi Chukwu