Apache AH00561 – size of a request header field exceeds server limit

Published by Tobias Hofmann on


When sending an HTTP request to Apache, the response may be HTTP 400.

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Size of a request header field exceeds server limit.</p>
</body></html>

The error message is:

Size of a request header field exceeds server limit.

Root cause

The browser is sending a large HTTP header, for instance because the request includes authentication information in the form of an access token, and Apache fails to process the request. In my case, the Authorization header is blowing up the request and already takes > 8Kb of space.

The HTTP request contains a large header because the Authorization header is already larger than 8kb. Large is relative and depends on the configuration of Apache (or any other web server). In the current Apache version, everything that is larger than 8kb is considered too large.

The error is also written to the Apache log.

[timestamp] [core:debug] [pid 10:tid 140312387237632] protocol.c(1022): (28)No space left on device: [client 172.21.0.1:63472] Failed to read request header line Authorization: Bearer eyJhbGciOiMjg2OXRyaWFsIiwic[…]

[timestamp] [core:info] [pid 10:tid 140312387237632] [client 172.21.0.1:63472] AH00561: Request header exceeds LimitRequestFieldSize: Authorization

[timestamp] [core:debug] [pid 10:tid 140312387237632] protocol.c(1375): [client 172.21.0.1:63472] AH00567: request failed: error reading the headers

The Apache log contains the error ID: AH00561
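Before raising the limit, it helps to know which header fields and which clients are hitting it. The following added example (not part of the original post) tallies AH00561 entries per client and field and lists the lines where the debug entry wrote the start of a credential header into the log; the sample lines are constructed in the format of the excerpt above.

```python
import re
from collections import Counter

# AH00561 line format as shown in the log excerpt above.
AH00561 = re.compile(
    r"\[client (?P<ip>[^\]]+?):\d+\] "
    r"AH00561: Request header exceeds LimitRequestFieldSize(?:: (?P<field>\S+))?"
)
# Debug line that echoes the start of the rejected header line (value included).
ECHOED = re.compile(
    r"Failed to read request header line "
    r"(?P<field>Authorization|Proxy-Authorization|Cookie):", re.IGNORECASE
)

def summarize_ah00561(lines):
    """Count AH00561 rejections per (client IP, header field name)."""
    hits = Counter()
    for line in lines:
        m = AH00561.search(line)
        if m:
            hits[(m["ip"], m["field"] or "<unknown>")] += 1
    return hits

def credential_echoes(lines):
    """Return 1-based line numbers where a credential header was written to the log."""
    return [n for n, line in enumerate(lines, 1) if ECHOED.search(line)]

# Constructed sample: the first three lines follow the excerpt above (token shortened),
# the rest are made up; 198.51.100.7 is a documentation address.
SAMPLE_LOG = [
    "[timestamp] [core:debug] [pid 10:tid 1] protocol.c(1022): (28)No space left on device: "
    "[client 172.21.0.1:63472] Failed to read request header line Authorization: Bearer eyJ[...]",
    "[timestamp] [core:info] [pid 10:tid 1] [client 172.21.0.1:63472] "
    "AH00561: Request header exceeds LimitRequestFieldSize: Authorization",
    "[timestamp] [core:debug] [pid 10:tid 1] protocol.c(1375): [client 172.21.0.1:63472] "
    "AH00567: request failed: error reading the headers",
    "[timestamp] [core:info] [pid 11:tid 2] [client 198.51.100.7:40112] "
    "AH00561: Request header exceeds LimitRequestFieldSize: X-Padding",
    "[timestamp] [core:info] [pid 11:tid 2] [client 198.51.100.7:40113] "
    "AH00561: Request header exceeds LimitRequestFieldSize: X-Padding",
]

if __name__ == "__main__":
    for (ip, field), count in summarize_ah00561(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {ip:15s}  {field}")
    print("credential header echoed on lines:", credential_echoes(SAMPLE_LOG))
```

A field that only one client sends oversized, and that no application is known to use, is a reason to look at that client rather than to raise the limit for everyone.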

Why does Apache report this as HTTP 400 and not as HTTP 413? I have no idea. Maybe because the error is in the Authorization field? I know 413 from cases where the cookies are too large.

Solution

With the error ID AH00561 known, it is easy to find the parameter that causes the error:

Apache documentation shows an explanation for the error: “The max size of the http header permitted by default is 8kb.”

To increase the limit, adjust the parameter LimitRequestFieldSize for the virtual host or location in the Apache configuration.

Example

Increase the max header size to 20Kb.

<VirtualHost *:80>
  ProxyRequests Off
  # Maximum size, in bytes, of a single request header field
  LimitRequestFieldSize 200000
  <Location /wf>
    ProxyPass http://backend/wf
    ProxyPassReverse http://backend/wf
    Order allow,deny
    Allow from all
  </Location>
</VirtualHost>

This is another example of why a good error message should contain a hint about why something failed and why the log should contain a unique error message ID. Both make it easy to find a solution.


1 Comment

Vincent · January 24, 2023 at 17:14

Hi Tobias,

You indicate to increase the size to 20Kb, but in your example code, you increase it to 200Kb.

ProxyRequests Off
LimitRequestFieldSize 200000

That may lead to errors for other users.

Kind regards,
Vincent
