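1 URL and HTTP request-line length limits
The HTTP protocol itself does not limit the maximum length of a URL, but browsers and servers each impose their own limits when they implement it. The information I have collected is shown in the table below:
| | URL / Request Line | Result when the URL is too long |
|---|---|---|
| HTTP/1.1 standard | Recommends that servers support at least 8000 bytes | |
| HTTP/2 standard | No limit | |
| URL and URI standards | No limit | |
| Chromium | 2MB | Fails to open |
| Firefox | 1MB | Fails to open |
| Safari | No limit | |
| IE8 | ~2083 bytes | Fails to open |
| IE9-IE11 | No limit | |
| Node.js >= v13.13.0 | 16KB | Throws a Header overflow exception |
| Node.js < v13.13.0 | 8KB | Throws a Header overflow exception |
| nginx | 8KB | Returns a 4xx error |
| httpd | 8190 bytes | Returns a 4xx error |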
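2 Common resource limits in Spring's HTTP support
| Parameter | Default | Meaning |
|---|---|---|
| server.max-http-header-size | 8KB | Maximum length of the HTTP header |
| server.servlet.session.timeout | 30m | HTTP session timeout; the default unit is seconds |
| server.tomcat.accept-count | 100 | Maximum length of Tomcat's queue of established TCP connections |
| server.tomcat.connection-timeout | | Timeout for establishing a Tomcat TCP connection |
| server.tomcat.keep-alive-timeout | | Keep-alive time for an idle Tomcat TCP connection; if no new request arrives within this time, the connection is closed |
| server.tomcat.max-connections | 8192 | Maximum number of Tomcat TCP connections |
| server.tomcat.max-http-form-post-size | 2MB | Maximum size of the form body of a Tomcat HTTP POST request |
| server.tomcat.max-http-response-header-size | 8KB | Maximum size of the Tomcat HTTP response header |
| server.tomcat.max-keep-alive-requests | 100 | Maximum length of the HTTP request queue on each Tomcat TCP connection |
| server.tomcat.max-swallow-size | 2MB | Maximum size of the Tomcat request body and response body |
| server.tomcat.threads.max | 200 | Maximum number of Tomcat request-processing threads |
| server.tomcat.threads.min-spare | 10 | Minimum number of Tomcat request-processing threads |
For more detailed Spring configuration parameters, see the official documentation: Common Application Properties
3 Response codes the HTTP protocol defines for messages that exceed length limits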
- 413 (Payload Too Large)
The 413 (Payload Too Large) status code indicates that the server is refusing to process a request because the request payload is larger than the server is willing or able to process. The server MAY close the connection to prevent the client from continuing the request.
If the condition is temporary, the server SHOULD generate a Retry-After header field to indicate that it is temporary and after what time the client MAY try again.
- 414 (URI Too Long)
The 414 (URI Too Long) status code indicates that the server is refusing to service the request because the request-target (Section 5.3 of [RFC7230]) is longer than the server is willing to interpret. This rare condition is only likely to occur when a client has improperly converted a POST request to a GET request with long query information, when the client has descended into a "black hole" of redirection (e.g., a redirected URI prefix that points to a suffix of itself) or when the server is under attack by a client attempting to exploit potential security holes.
A 414 response is cacheable by default; i.e., unless otherwise indicated by the method definition or explicit cache controls (see Section 4.2.2 of [RFC7234]).
- 431 (Request Header Fields Too Large)
The 431 status code indicates that the server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.
It can be used both when the set of request header fields in total is too large, and when a single header field is at fault. In the latter case, the response representation SHOULD specify which header field was too large.
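The checks behind the three status codes above, as an added example that is not code from the original page: a Python function that maps an oversized request head to 414, 431 or 413. The limit values are assumptions borrowed from the tables above, and `classify_request_head` is a hypothetical name.

```python
# Assumed limits, taken from the figures in the tables above.
MAX_REQUEST_LINE = 8190            # bytes (httpd row)
MAX_HEADER_BYTES = 8 * 1024        # bytes (8KB header default)
MAX_BODY_BYTES = 2 * 1024 * 1024   # bytes (2MB form-post default)


def classify_request_head(head: bytes):
    """Return (status, detail), or (None, "") when the head is within limits.

    `head` is the request line plus header fields, without the body.
    """
    request_line, _, header_block = head.partition(b"\r\n")
    if len(request_line) > MAX_REQUEST_LINE:
        return 414, "request line is %d bytes" % len(request_line)

    fields = [f for f in header_block.split(b"\r\n") if f]
    # A single field at fault is named in the response, as the 431 text asks.
    for field in fields:
        if len(field) > MAX_HEADER_BYTES:
            name = field.split(b":", 1)[0].decode("latin-1").strip()[:64]
            return 431, "header field too large: " + name
    # Otherwise the set of fields in total may still exceed the limit.
    if sum(len(f) + 2 for f in fields) > MAX_HEADER_BYTES:
        return 431, "header fields too large in total"

    # Reject an oversized body from its declared length, before reading it.
    for field in fields:
        name, _, value = field.partition(b":")
        if name.strip().lower() == b"content-length":
            value = value.strip()
            if not value.isdigit():
                return 400, "invalid Content-Length"
            if int(value) > MAX_BODY_BYTES:
                return 413, "declared body is %s bytes" % value.decode()
    return None, ""


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    host = b"Host: example.test\r\n"
    samples = [
        b"GET /index HTTP/1.1\r\n" + host + b"\r\n",
        b"GET /?q=" + b"a" * 9000 + b" HTTP/1.1\r\n" + host + b"\r\n",
        b"GET / HTTP/1.1\r\n" + host + b"Cookie: " + b"c" * 9000 + b"\r\n\r\n",
        b"POST /form HTTP/1.1\r\n" + host + b"Content-Length: 3000000\r\n\r\n",
    ]
    for sample in samples:
        print(classify_request_head(sample))
```
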