Malformed HTTP Request in Apache

thefourtheye picture thefourtheye · Feb 7, 2012 · Viewed 9.3k times · Source

I have an Apache server which gets a malformed HTTP Request (cookie size is very big). The server displays the Cookie value along with Bad Request. Is there a way to handle this?

I tried ErrorDocument directive, but that is not helping in this case.

Answer

fyr picture fyr · Feb 7, 2012

Look at this page it will explain it in detail. And it will also show you the exact same problem as you describe:

Example with explanation: http://stevesouders.com/tests/cookie-max.php

If you want to have custom error handling

ErrorDocument 400

should do the job if configured correctly in the .htaccess file. You might also configure it directly in httpd.conf (see.: https://serverfault.com/questions/158122/problems-redirecting-error-400-bad-request-to-custom-page).

Despite the possibility to fix this with this configuration option you should consider to do the following based on the reason why the error occured:

  • This error occures while using your site regularly - Fix your code this should never happen and cookies should never exceed 4k in total
  • This may not occure while using your site regularly - Fix nothing. Never invest time in nice-looking-pages which will only be seen by ppl who try to exploit things somehow