Control Web Panel
WebPanel => Apache => Nginx => Topic started by: hanliong on March 14, 2024, 03:41:24 PM
-
Hi,
One of my client use Laravel for his web for the payday and attendance system. When it is accessed for many people, the server return with the response:
Bad Request Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit.
I tried to find how to solve the issue, and I read at stackoverflow it is about LimitRequestFieldSize which has default 8140.
I have tried to find at httpd.conf, but I cannot find that parameter.
So, how do I change that value to prevent Bad Request?
Thanks.
-
Could you please advise of the following:
What distro are you trying to install CWP onto? / What distro are you are you running CWP on?
CWP Free or CWPpro?
Is this a PHP script?
-
Could you please advise of the following:
What distro are you trying to install CWP onto? / What distro are you are you running CWP on?
CWP Free or CWPpro?
Is this a PHP script?
I use Centos 7, with RAM 8Gb.
I use CWP Pro.
The script is PHP Laravel. the script was bought from codecanyon. the script is used for the payroll system and daily attendance of the staff.
Thanks.
-
Seems to be a cookie length problem
https://stackoverflow.com/questions/10309751/bad-request-your-browser-sent-a-request-that-this-server-could-not-understand
(https://stackoverflow.com/questions/10309751/bad-request-your-browser-sent-a-request-that-this-server-could-not-understand)
https://serverfault.com/questions/413984/increase-the-value-of-limitrequestfieldsize-in-apache (https://serverfault.com/questions/413984/increase-the-value-of-limitrequestfieldsize-in-apache)
You can make the change globally in httpd.conf or specific to a single virtual host in your vhost conf file:
LimitRequestFieldSize 16380
-
Hi,
I cannot find that variable inside httpd.conf and also vhost of a domain.
So, should I add it manually in httpd.conf?
By the way, yes, I have read at the stackoverflow that it can be about cookies problem, but I want to compare it by changingLimitRequestFieldSize.
Thanks.
-
Based on my reading, it is not a default option with a directive in the main httpd.conf (but implied that there is the default value which can be overridden by explicitly setting it). cPanel documentation also mentions it being settable by editing the .conf files manually:
https://support.cpanel.net/hc/en-us/articles/11610652942487-Customizing-the-LimitRequestFieldSize-and-LimitRequestBody-in-Apache (https://support.cpanel.net/hc/en-us/articles/11610652942487-Customizing-the-LimitRequestFieldSize-and-LimitRequestBody-in-Apache)
-
PHP Laravel is just an open-source server-side web framework language.
Has this ever worked?
Or did it just stop working one day?
-
I have tried to set it at domain's virtualhost by adding it manually at:
/usr/local/apache/conf.d/vhosts/[domain].conf
Then I edit the part like this:
<VirtualHost xxxxxx>
ServerName xxxxx
LimitRequestFieldSize 16384
</VirtualHost>
And restart apache and nginx.
So far, there is no mor problem. So I'm not sure, is ti true about the LimitRequestFieldSize or cookies. I am just afraid Dos Attack. I read that increasing LimitRequestFieldSize is very dangerous because of Dos Attack.
-
Is it an internal-facing system? Firewall it, tune LFD to be appropriately aggressive.
Is it a public internet accessible system? Put it behind Cloudflare. Their DDoS protection and infrastructure is top notch. $25/mo for the Professional tier is a good investment that will maximize your uptime and reduce your worries.