
How to Allow a Request/Response Size Above 8KB

If your data is too big (particularly over 8KB), you may get a '400 — Bad request from the server' error. Here's what you can do about it.

by Abhay Mishra · May. 01, 17 · Web Dev Zone · Tutorial

We have our current platform set up with Akamai as the CDN, Apache as the web server, and AEM as the content tool. We had to do real-time ID verification through Signicat, which returned a huge SAML. When we got this huge amount of SAML and tried to pass it to our server to parse, we always found bad SAML; it was getting truncated after a certain number of characters (around 7,800). My initial assumption was that the browser was restricting the size and hence truncating, causing a "400 — Bad request from the server" error. I searched on the internet and did not find any credible solution to my problem. After researching, I found that this issue is a server-side issue, as most web servers restrict the request size to 8KB. Initially, I thought just one server was restricting, but I realized that all three servers were.

If your request gets truncated due to its large size and you get "400 — Bad request from the server," this means that your web server, proxy, or content server is not able to handle a large amount of data. You will not find any logs in your application, as it is a server configuration issue. You need to increase the size of the server request.

When we redirect from a Java servlet through response.sendRedirect with a response size of more than 8KB, the server trims the size to 8KB. So, it is not possible to send a large amount of data this way.

Generally, we write the code like:

String paramValue = "whatever";
response.sendRedirect(url + "param=" + paramValue);

...where paramValue is larger than 8KB, the parameter is named param, and url is where we want to redirect to. If the above code trims your response size, then do the following.

Solution 1

Instead of doing the redirect on the server side, send the entire string back to the browser so that the browser can do the redirect. When the browser initiates the redirect, the size is not trimmed.

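// The browser performs the redirect itself, so the server does not trim the URL.
String outstr = "<html><script>window.location.href='" + url + "param=" + paramValue + "';</script></html>";
response.getWriter().print(outstr);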

When we return to the browser, it will act based on the script.

To avoid cross-site scripting, it's good to add some protection like the check below.

// Read the incoming parameter and stop if it contains the word "script".
String param = request.getParameter("param");
if (param != null && param.toLowerCase().indexOf("script") != -1) {
    return;
}

This makes sure that if the value contains a script tag for any malicious use, the request is not allowed to proceed further.

Solution 2

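// Store the value in sessionStorage, then let the browser navigate to url.
String outstr = "<html><script>window.sessionStorage.param='" + paramValue + "';window.location.href='" + url + "';</script></html>";
response.getWriter().print(outstr);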

Solution 1 will work better with mobile apps, as mobile apps open browsers internally and they can't read session storage from external browsers. For web apps, both will work.
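
Both solutions write paramValue into a quoted JavaScript string, and the check for the word "script" does not stop a value that contains a quote or a closing tag from ending that string early. The following is an added example, not code from the original article, that encodes the value before it is placed in the page; the class and method names, the sample URL and sample value are assumptions, and it assumes Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added example, not from the article. Class, method names and URL are assumptions.
public class SafeRedirectPage {

    // Encode a value for a single-quoted JavaScript string literal inside an
    // inline <script> block: everything except a small safe set becomes a
    // four-digit hex Unicode escape, so quotes, backslashes, '<' and line
    // breaks cannot end the literal or the script element.
    static String jsString(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_';
            out.append(safe ? String.valueOf(c) : String.format("\\u%04x", (int) c));
        }
        return out.toString();
    }

    // Solution 1: browser-side redirect carrying the value in the URL.
    static String redirectPage(String url, String paramValue) {
        // URLEncoder.encode(String, Charset) needs Java 10 or later.
        String target = url + "param=" + URLEncoder.encode(paramValue, StandardCharsets.UTF_8);
        return "<html><script>window.location.href='" + jsString(target)
                + "';</script></html>";
    }

    // Solution 2: value goes to sessionStorage, then the browser navigates.
    static String storagePage(String url, String paramValue) {
        return "<html><script>window.sessionStorage.param='" + jsString(paramValue)
                + "';window.location.href='" + jsString(url) + "';</script></html>";
    }

    public static void main(String[] args) {
        String url = "https://app.example.test/verify?";  // constructed sample
        String paramValue = "PHNhbWw+abc'</xyz>+/=";      // constructed sample
        // The substring check from the article lets this value through.
        System.out.println("blocked by check: "
                + (paramValue.toLowerCase().indexOf("script") != -1));
        System.out.println(redirectPage(url, paramValue));
        System.out.println(storagePage(url, paramValue));
    }
}
```

The browser decodes the escapes when it evaluates the string, so the receiving page sees the original value unchanged.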

Conclusion

Normally, all the web servers have a request size limit of 8KB. Those servers may have similar solutions to increase the size of the request. If you increase your request header size, this issue will be resolved.
