Bug#799105: Moreinfo: SPNEGO authentication headers can be up to 12392 bytes.

To: 799105@bugs.debian.org
Subject: Bug#799105: Moreinfo: SPNEGO authentication headers can be up to 12392 bytes.
From: Bastien Roucariès <rouca@debian.org>
Date: Sun, 06 Oct 2024 14:45:27 +0000
Message-id: <[🔎] 144024595.T5IMXSbTf8@portable-bastien>
Reply-to: Bastien Roucariès <rouca@debian.org>, 799105@bugs.debian.org
References: <55F89130.4000608@yandex.ru>

control: tags -1 + moreinfo

According to a quick research:

The solution was to raise the HTTP request header field size with the following directive:

LimitRequestFieldSize  65536

Have a look at the official Apache HTTPD documentation of this directive:

    The LimitRequestFieldSize directive allows the server administrator to set the limit on the allowed size of an HTTP request header field. A server needs this value to be large enough to hold any one header field from a normal client request. The size of a normal request header field will vary greatly among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation. SPNEGO authentication headers can be up to 12392 bytes.

To be safe use LimitRequestFieldSize  65536

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: Processed: closing 801509
Next by Date: Processed: Moreinfo: SPNEGO authentication headers can be up to 12392 bytes.
Previous by thread: Processed: closing 801509
Next by thread: Processed: Moreinfo: SPNEGO authentication headers can be up to 12392 bytes.
Index(es):
- Date
- Thread