Name
LimitRequestFields
Synopsis
LimitRequestFields number
Default: LimitRequestFields 100
Server config
number is an integer from 0 (meaning
unlimited) to 32,767. The default value is defined by the
compile-time constant DEFAULT_LIMIT_REQUEST_FIELDS
(100 as distributed).
The LimitRequestFields directive allows the server
administrator to modify the limit on the number of request header
fields allowed in an HTTP request. A server needs this value to be
larger than the number of fields that a normal client request might
include. The number of request header fields used by a client rarely
exceeds 20, but this may vary among different client implementations,
often depending upon the extent to which a user has configured her
browser to support detailed content negotiation. Optional HTTP
extensions are often expressed using request-header fields.
This directive gives the server administrator greater control over abnormal client-request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request.
Get Apache: The Definitive Guide, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
