HTTP Bad Request (Request header too long) in CLM

This article helps you resolve the problem where Hypertext Transfer Protocol (HTTP) bad request error occurs in the CLM portal.

Original product version:   Internet Information Services
Original KB number:   955585

Symptoms

You can't perform all operations in the CLM portal, you may experience the following issue:

  • With friendly HTTP error messages enabled in Internet Explorer, HTTP 400 errors will be returned in response to web requests being sent to the Internet Information Services (IIS) server.

  • With friendly HTTP error messages disabled in Internet Explorer, the following error message is returned to the user:

    Bad Request (Request header too long)

Cause

The HTTP request that's sent to the IIS server have a request header that exceeds the allowable request header length configured on the IIS server. Specifically, the Authorization header contains a large Kerberos authentication ticket. The Kerberos ticket is so large because the user is a member of many groups in Active Directory.

For security purposes, the HTTP.sys component on the IIS server rejects the incoming HTTP request because it exceeds the configured size limits.

Resolution

Configure the HTTP registry keys MaxFieldLength and MaxRequestBytes on the IIS server to allow for larger request header sizes.

Important

Changing these registry keys is considered extremely dangerous. Increasing these keys' values will cause HTTP.sys to use more memory and may increase vulnerability to malicious attacks. If changing these keys is your only option, don't set their values larger than they need to be. Information on determining how large the request headers are and therefore what value to set the registry keys is found later in this article.

Determine HTTP request size

To determine the actual HTTP request size, it can be helpful to use a network monitor trace. With this trace, we can calculate the size of the http request and compare it against the setting on the IIS server.

It's also useful to consult the HTTP.sys error log for information.

Location: %windir%\system32\logfiles\HTTPERR\httperrX.log

The key to resolving this particular problem, is to show that CLM is trying to send an HTTP request to the server that is greater than either the default value of 16k, or greater than the custom setting in their MaxFieldLength and MaxRequestBytes. To do this, use a combination of:

  1. Network monitor trace
  2. Looking through the http.sys error log located in %windir%\system32\logfiles\HTTPERR\httperrX.log.

Example entry from the httperrX.log:

date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename 2007-04-12 07:37:51 10.201.25.27 1682 10.248.10.65 80 HTTP/1.1 GET /clm 400 - RequestLength

NetMon

In the NetMon trace, to determine how large the HTTP request is, use the following steps:

  1. Locate the frame that submits an HTTP Get statement

  2. Add the Transmission Control Protocol (TCP) Len value for each frame from the HTTP Get statement until the IIS server returns an ACK.

    This will be the size of the HTTP request.

    Example:

    28209 19:13:04.041 53.906250 Client Server HTTP HTTP: Request, GET /CLM/content/sm/requests/SubscriberPrintDocuments.aspx
    28210 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28210 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28211 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28212 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28213 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28214 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28215 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28216 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28217 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28218 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28219 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload
    28220 19:13:04.041 53.906250 Client Server HTTP HTTP: HTTP Payload

    Each of the above will have a detail line similar to the following:

    Tcp: Flags=....A..., SrcPort=3281, DstPort=HTTP(80), Len=1460 , Seq=3225410770 - 3225412230, Ack=1377780890, Win=33580 (scale factor 0) = 0

    In this example, the HTTP request size is somewhere around 17000, which is more than the default maximum.

WireShark

  1. Locate the frame that submits the HTTP Get statement
  2. View the tab at the bottom of the WireShark screen titled Reassembled TCP and the number beside this will be the size of the reassembled HTTP request.