Reputation: 73
Are there dangers/implications to increasing max-http-header-size on a spring boot application?
I've recently needed to increase the max-http-header-size on a Spring Boot application because the request headers that were being sent through from our front end was too large. I increase it from 8KB to 16KB and it's resolved my problem.
My question is: are there any implications/dangers associated with increasing the max-http-header-size? Is there any way it could negatively impact my application, impact performance, compromise security, etc.
I haven't found any explicit info on the subject and was wondering if anyone could provide me with more information.
Thank you!
Upvotes: 7
Views: 2494
Answers (2)
Reputation: 51
One issue which I observed increasing the value of max-http-header-size(in my case 100 MB) allocated more memory to each requests which frequently resulted in Out of Memory errors when multiple requests were sent. This was observed even when the requests were simple and the header size was small.
Upvotes: 5
Reputation: 106
For my understanding, Uncapped HTTP header size keeps the server exposed to attacks and can bring down its capacity to serve organic traffic.
Upvotes: 5
Related Questions
- How to increase header size limit Tomcat Java
- How to set max-http-header-size in Spring Boot 2.x application
- JAVA -tomcat- Request header is too large
- maxhttpHeaderSize in spring boot tomcat
- Java spring Request header is too large
- Understanding "Request Header is too large"
- Tomcat throwing error when header size is 8192 chars (8KB)
- Limiting the maximum request size in Tomcat
- Is there a practical HTTP Header length limit?
- Setting Max HTTP Header Size With AJP / Tomcat 6.0