LimitRequestFieldsize


Syntax: LimitRequestFieldsize number
Default: LimitRequestFieldsize 8190
Context: server config
Status: core
Compatibility: LimitRequestFieldsize is only available in Apache 1.3.2 and later.

Number is an integer size in bytes from 0 to the value of the compile-time constant DEFAULT_LIMIT_REQUEST_FIELDSIZE (8190 as distributed).

The LimitRequestFieldsize directive allows the server administrator to reduce the limit on the allowed size of an HTTP request header field below the normal input buffer size compiled with the server. A server needs this value to be large enough to hold any one header field from a normal client request. The size of a normal request header field will vary greatly among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. Under normal conditions, the value should not be changed from the default.