
How to Allow a Request/Response Size Above 8KB

If your data is too big (particularly over 8KB), you may get a '400 — Bad request from the server' error. Here's what you can do about it.

by Abhay Mishra · May. 01, 17 · Tutorial

We have our current platform set up with Akamai as the CDN, Apache as the web server, and AEM as the content tool. We had to do real-time ID verification through Signicat — which returned a huge SAML. When we get this huge amount of SAML and try to pass it to our server to parse, we always find bad SAML; it was getting truncated after a certain number of characters (around 7,800). My initial assumption was that the browser was restricting the size and hence truncating, causing a "400 — Bad request from the server" error. I searched on the internet and did not find any credible solution to my problem. After researching I found that this issue is a server-side issue, as most web servers restrict the request size to 8KB. Initially, I thought just one server was restricting — but I realized that all three servers were.

If your request gets truncated due to its large size and you get "400 — Bad request from the server," this means that your web server, proxy, or content server is not able to handle a large amount of data. You will not find any logs in your application, as it is a server configuration issue. You need to increase the size of the server request.

When we do a redirection from Java servlet through response.sendRedirect with a response size more than 8KB, the server trims the size to 8K. So, it is not possible to send a large amount of data.

Generally, we write the code like:

String paramValue= "whatever" ;
response.sendRedirect(url+"param="+paramValue) ;

...where paramValue is larger than 8KB, the parameter is named param, and url is where we want to redirect to. If the above code trims your response size, then do the following.

Solution 1

So, instead of doing a redirect at the server side, send the entire string back to the browser so that the browser can do a redirect. When the browser initiates, it does not trim the size.

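// URL-encode the value so it is a valid query parameter and cannot close the quoted JavaScript string.
String encoded = java.net.URLEncoder.encode(paramValue, "UTF-8");
String outstr = "<html><script>window.location.href='" + url + "param=" + encoded + "';</script>";
response.getWriter().print(outstr);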

When we return to the browser, it will act based on the script.

To avoid cross-site scripting (XSS), it's good to add a protection like the one below.

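// Read the parameter and stop if it contains the string "script" (case-insensitive).
String param = request.getParameter("param");
if (param != null && param.toLowerCase().indexOf("script") != -1) {
    return;
}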

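This makes sure that if the value contains a script tag for any malicious use, processing does not proceed further. A substring check does not cover values that break out of the quoted string without using the word "script", so the value should also be encoded for the context it is written into.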

Solution 2

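// paramValue and url are written into JavaScript string literals and must be escaped for that context first.
String outstr = "<html><script>window.sessionStorage.param='" + paramValue + "';window.location.href='" + url + "';</script>";
response.getWriter().print(outstr);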

Solution 1 will work better with mobile apps, as mobile apps open browsers internally and they can't read session storage from external browsers. For web apps, both will work.
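
Both solutions write paramValue into a quoted JavaScript string, a context where the "script" substring check does not stop a value that contains a quote. The following added example (not code from the original article) escapes the value for that context; the class and method names, the sample values and the /verify/done URL are assumptions made for illustration.

```java
public class JsStringEncodingDemo {

    // The article's check: reject only values that contain "script".
    static boolean passesSubstringFilter(String param) {
        return param == null || !param.toLowerCase().contains("script");
    }

    // Escape a value for use inside a quoted JavaScript string literal in an inline script block.
    // Every character except ASCII letters and digits becomes a four-digit hex unicode escape,
    // so quotes, backslashes, '<', '/' and line terminators cannot end the string or the element.
    static String escapeForJsString(String value) {
        StringBuilder sb = new StringBuilder(value.length() * 2);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (alnum) {
                sb.append(c);
            } else {
                sb.append(String.format("\\u%04x", (int) c));
            }
        }
        return sb.toString();
    }

    // Solution 2's page with both values escaped.
    // redirectUrl is assumed to be a fixed URL chosen by the server, never taken from the request.
    static String buildPage(String paramValue, String redirectUrl) {
        return "<html><script>window.sessionStorage.param='" + escapeForJsString(paramValue)
             + "';window.location.href='" + escapeForJsString(redirectUrl) + "';</script></html>";
    }

    public static void main(String[] args) {
        // Constructed sample values: a base64-like fragment and a value that closes the quote.
        String[] samples = { "PHNhbWxwOlJlc3BvbnNl+/8=", "abc';window.name='x" };
        for (String s : samples) {
            System.out.println("substring filter passes: " + passesSubstringFilter(s));
            System.out.println("escaped for JS string:   " + escapeForJsString(s));
        }
        System.out.println(buildPage(samples[1], "/verify/done"));
    }
}
```

Both sample values pass the substring filter, while the escaped output keeps each one inside its string literal; the browser decodes the escapes back to the original characters when it evaluates the string.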

Conclusion

Normally, all the web servers have a request size limit of 8KB. Those servers may have similar solutions to increase the size of the request. If you increase your request header size, this issue will be resolved.
