Friday, March 9, 2012

HTTP 400 - Bad Request (Request Header too long) -- error in Internet Information Services (IIS)

http://support.microsoft.com/kb/2020943

Siehe auch MaxTokenSize: http://support.microsoft.com/kb/327825

By default, the MaxFieldLength registry entry is not present. This registry entry specifies the maximum size limit of each HTTP request header. The MaxRequestBytes registry entry specifies the upper limit for the total size of the Request line and the headers. Typically, this registry entry is configured together with the MaxRequestBytes registry entry. If the MaxRequestBytes value is lower than the MaxFieldLength value, the MaxFieldLength value is adjusted. In large Active Directory environments, users may experience logon failures if the values for both these entries are not set to a sufficiently high value.
For Internet Information Services (IIS) 6.0 and later, the MaxFieldLength and MaxRequestBytes registry keys are located at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters. Configure them as shown in the following table:
Name Value TypeValue Data
MaxFieldLengthDWORD(4/3 * T bytes) + 200
MaxRequestBytes DWORD(4/3 * T bytes) + 200



Alternatively you may set the registry keys to their maximum values shown below. The Administrator should consider all potential security ramifications if he makes any changes to the registry settings:

Name Value TypeValue Data
MaxFieldLengthDWORD65534
MaxRequestBytes DWORD16777216



IMPORTANT: Changing these registry keys can be considered extremely dangerous. These keys allow larger HTTP packets to be sent to IIS, which in turn may cause Http.sys to use more memory and may increase vulnerability to malicious attacks.

NOTE: If MaxFieldLength is configured to its maximum value of 64KB, then the MaxTokenSize registry value should be set to 3/4 * 64 = 48KB. For more information on the MaxTokenSize setting, please see the Microsoft knowledge base article KB327825 listed below.

No comments:

Post a Comment