My Oracle Support Banner

OHS SSL Request LimitRequestFieldSize Directive Ignored and Header Request Size Unknown (Doc ID 2391162.1)

Last updated on APRIL 26, 2018

Applies to:

Oracle HTTP Server - Version 12.2.1.2.0 and later
Linux x86-64

Symptoms

OHS ssl.conf LimitRequestFieldSize directive configured to set the number of bytes allowed for HTTP request headers to be larger than the default, 8190 bytes, for SSL requests.

However, the $DOMAIN_HOME/servers/<ohs name>/logs/access_log shows HTTP status 400 (Bad Request) errors.

The access_log does not capture the request header size sent; therefore, it is unclear if LimitRequestFieldSize limit is exceeded, and it is not known to how to test LimitRequestFieldSize.

Changes

OHS ssl.conf edited to include LimitRequestFieldSize.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.