A client of ours emailed us a few days ago and told us that whenever he tries to access his website, he’s seeing the following error:
Bad Request: Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit.
He told us that he was the only one in his company seeing this problem, but that he had no idea whether any of his website’s visitors was having the same problem. He asked us to investigate, and so we did.
A quick research revealed that the issue was related to his browser having a huge cookie that was bigger than the maximum size allowed by the server. So, a fast solution to the problem was to ask him to clear his cookies on his browser. However, that didn’t technically solve the problem, it just made the problem go away. But, we know that these problems are like seagulls, when you shoo them away, they will leave, but they will eventually return.
So, we had to solve this problem at its root, and solving it at its root meant that we had to increase the maximum size of the cookie allowed by the server at the server level. We did this the following way :
- We ssh’d to the server as root.
-
We opened the file httpd.conf located under the /usr/local/apache/conf/ folder.
-
We added the following line to the very beginning of the file:
LimitRequestFieldSize 16384
-
We saved the file and we restarted Apache.
-
The problem was solved!
Note that the location of the httpd.conf file may vary from one Linux distribution to another. The location specified in the guide above applies to a CentOS (WHM) server.
Additionally, note that the above solution can only be implemented if you have root access to your server (e.g. if you have a VPS or a dedicated server). If you are on a shared hosting, then your best option would be to contact your host and ask them to increase the LimitRequestFieldSize value for you (keep in mind that your host will probably refuse as this will open a whole can of worms for them – so, your other best option would be to move to a VPS or a dedicated server).
But, what is the default value of LimitRequestFieldSize?
The default value of LimitRequestFieldSize is 8190 (speaking a bit more technically, the 8190 is the default maximum size of the HTTP request header field). Typically, most websites do not need to go over the default limit, but some websites store a lot of data in their cookies, causing the limit to be exceeded, and eventually causing the problem described in this post.
Can the problem be fixed at the .htaccess level?
Unfortunately, no, it can’t be fixed there. It can only be fixed at the httpd.conf level (hence the problem cannot be fixed if you are on a shared hosting).
If you have the same problem on your website, then try, before clearing your cookies, to fix the problem at the server level by modifying the httpd.conf file. The reason why it’s better to fix the problem before clearing your cookies is to make sure that you actually fixed the problem. If the problem is still there, then please contact us. We’ll fix it for you in as little time as possible and for a super affordable fee!