{"id":1318,"date":"2012-08-28T17:42:16","date_gmt":"2012-08-28T16:42:16","guid":{"rendered":"http:\/\/soci.hu\/blog\/?p=1318"},"modified":"2012-08-28T17:44:59","modified_gmt":"2012-08-28T16:44:59","slug":"400-bad-request-request-header-too-long","status":"publish","type":"post","link":"https:\/\/soci.hu\/blog\/index.php\/2012\/08\/28\/400-bad-request-request-header-too-long\/","title":{"rendered":"400 Bad Request &#8211; Request header too long"},"content":{"rendered":"<p>Reporting Services el\u00e9r\u00e9se k\u00f6zben j\u00f6tt a hiba, de IIS alatt is ugyanez lett volna a gond. A hiba oka, hogy a http.sys alapban 16kban korl\u00e1tozza a http request hosssz\u00e1t, egy AD user access tokenje viszont nagyobb lehet enn\u00e9l. Mivel a Kerberos auth (majdnem minden auth) a http headerben tolja \u00e1t az auth inf\u00f3t, ha egy user nagyon sok csoportnak tagja az auth header nagyon nagy lehet. Eset\u00fcnkben akin\u00e9l j\u00f3l ment 7k volt az \u00f6ssz k\u00e9r\u00e9s hossz, a beteg usern\u00e9l 26 (<a href=\"http:\/\/www.fiddler2.com\/fiddler2\/\">Fiddlerrel<\/a> n\u00e9zt\u00fck meg). Ez t\u00f6bb mint 16, \u00edgy term\u00e9szetes, hogy a http.sys kiv\u00e1gta.<br \/>\nA megold\u00e1s a limitek felemel\u00e9se volt (MaxFieldLength \u00e9s MaxRequestBytes registry \u00e9rt\u00e9kek).<br \/>\n<a href=\"http:\/\/blogs.technet.com\/b\/surama\/archive\/2009\/04\/06\/kerberos-authentication-problem-with-active-directory.aspx\">B\u0151vebben az okr\u00f3l<\/a> \u00e9s a <a href=\"http:\/\/support.microsoft.com\/kb\/820129\">be\u00e1ll\u00edt\u00e1sokr\u00f3l itt<\/a>. A be\u00e1ll\u00edt\u00e1s a http stackre vonatkozik, user m\u00f3d\u00fa fogyaszt\u00f3t\u00f3l (IIS, SQL Server, stb.) f\u00fcggetlen\u00fcl.<br \/>\nM\u00e9g egy dolog. A 2. cikk szerint \u00fajra kell ind\u00edtani a http valamit. Ez l\u00e1tsz\u00f3lag szerviz, de nem az, hanem device driver. Mint ismert, 2003-t\u00f3l \u00e9s XP SP2-t\u0151l a http.sys kernel m\u00f3d\u00fa driver fogadja a http k\u00e9r\u00e9seket, ehhez \u00edrtak device drivert, mivel NT alatt \u00edgy lehet kernel m\u00f3dban futtatni valamit. A service-ek k\u00f6z\u00f6tt teh\u00e1t nem l\u00e1tszik, hanem a Device Mangerben a Non Plug and Play kateg\u00f3ria alatt lesz. Csak akkor hajland\u00f3 le\u00e1llni, ha semmilyen user m\u00f3d\u00fa processz nem \u00e9p\u00edt r\u00e1. Az \u00f6sszes http kiszolg\u00e1l\u00f3 erre \u00e9p\u00edt, \u00edgy az IIS \u00e9s a Reporting Services is (meg az SQL Server http endpointjai, stb.). Eset\u00fcnkben nem akart le\u00e1llni, de a Reporting Services le\u00e1ll\u00edt\u00e1sa ut\u00e1n azonnal le\u00e1llt. Meg\u00fasztunk egy g\u00e9p restartot, ami f\u00e1jt volna, mivel ezen volt az SQL Server is.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Reporting Services el\u00e9r\u00e9se k\u00f6zben j\u00f6tt a hiba, de IIS alatt is ugyanez lett volna a gond. A hiba oka, hogy a http.sys&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,4,30,55,73],"tags":[],"class_list":["post-1318","post","type-post","status-publish","format-standard","hentry","category-iis","category-szakmai-elet","category-sql-server","category-windows","category-winternals"],"_links":{"self":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1318"}],"version-history":[{"count":3,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1318\/revisions"}],"predecessor-version":[{"id":1320,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1318\/revisions\/1320"}],"wp:attachment":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}