URL get and post request length limit

1. Various limitations and solutions on the amount of data carried by the Get request
There is no limit on the size and length of the data submitted by the Http Get method, and the HTTP protocol specification does not limit the length of the URL. This restriction is a particular browser and server restriction on it.

The first online problem handled by the new company is a certain product page, which fails to access on a certain machine, and nginx returns a 400 error, but there is no problem on other machines, even if the software and hardware of the machine in question are rebuilt using a virtual machine The environment will not be a problem.

After capturing the http request of the machine in question, it is found that the URL is too long and the cookie is too large, then the problem is very clear, because most people use the IE browser, IE browser limits the URL length, do Automatic truncation processing, so the total http header will not exceed the limit of nginx and can be returned normally. Using the same browser, the length of the URL is not limited, but the length of the cookie is shorter, which does not exceed the limit of the header buffer of nginx, and will not cause any problems. 400 error.




The solution is to modify the application servers used by nginx, tomcat, etc. to allow them to support larger header buffers. Of course, from the consideration of compatibility and other aspects, the fundamental solution is not to pass long parameters through GET.




===================The limitations and processing methods of each browser are listed below ===================== =====

Attachment: URL length limit of each browser (unit: number of characters)
IE: 2083
Firefox: 65536
Chrome: 8182
Safari: 80000
Opera: 190000




Attachment: URL length limit of each web server (unit: characters)

Apache (Server)

Accepts a maximum url length of 8,192 characters.

Microsoft Internet Information Server (IIS)

can accept a maximum URL length of 16,384 characters.

According to the above data, in order to allow all users to browse normally, the URL should not exceed the maximum length limit of IE (2083 characters). Of course, if the URL is not directly provided to the user, but provided to the program call, this The length of time is only affected by the web server.

Note: For Chinese transmission, it will eventually be transmitted in the encoded form after urlencode. If the browser's encoding is UTF8, the final encoded character length of a Chinese character is 9 characters.

So if the GET method is used, the maximum length is equal to the maximum length of the URL minus the number of characters in the actual path.



Attachment: The maximum number of cookies allowed under each browser domain
IE: Originally 20, later upgraded to 50
Firefox: 50
Opera: 30
Chrome: 180
Safari: Unlimited


Attachment : Each cookie allowed by the browser The maximum length of

Firefox and Safari: 4079 bytes
Opera: 4096 bytes
IE: 4095 bytes


Attached : Each application server sets the parameters of the header header


nginx: client_header_buffer_size and large_client_header_buffers
tomcat: maxHttpHeaderSize Tomcat's get request length setting:
<Connector port="8080" maxHttpHeaderSize="65536" 
2. POST request length limit In
theory , POST has no size limit. The HTTP protocol specification also does not limit the size, and the limitation is the processing power of the server's handler.

For example: cancel the POST size limit under Tomcat (Tomcat defaults to 2M);

open the conf directory under the tomcat directory, open the server.xml file, and modify

<Connector

debug="0"

acceptCount="100"

connectionTimeout="20000"

disableUploadTimeout= "true"

port="8080"

redirectPort="8443"

enableLookups="false"

minSpareThreads="25"

maxSpareThreads="75" maxThreads

="150"

maxPostSize="0"

URIEncoding="GBK"

>

</Connector>