Dropwizard:如何修复414 Request-URI太长 [英] Dropwizard: How to fix 414 Request-URI Too Long

问题描述

请求(GET)或(POST):

Request (GET) or (POST):

http://localhost:8080/images?name = iVBORw0KGgoAAAANSUhEUgAAAAUA％20AAAFC . .....

响应:

状态码:414请求URI太长 连接方式:关闭 内容长度:0

Status Code: 414 Request-URI Too Long Connection: close Content-Length: 0

如何增加请求大小?

推荐答案

您的请求URI大小超过8kb！哎呀！

You have a Request URI that is over 8kb in size! Eeesh!

由于各种漏洞和浏览器，代理和网络硬件中的错误，存在请求URI限制.

Request-URI limits exist because of various vulnerabilities and bugs found in browsers, proxies, and networking hardware.

虽然可以在Jetty中增加请求URI"限制检查，但为Jetty选择的值代表公共Internet上各种http客户端和中介机构正在使用的当前安全最大值.

While it is possible to increase the Request URI limit checks in Jetty, the values chosen for Jetty represent the current safe maximums in use by various http clients and intermediaries on the public internet.

警告:您不想这样做

这不适合:

• 可从Internet访问的WebServer.
• 由Chrome，Firefox，Safari，MSIE或Opera等浏览器访问的Web服务器.
• 可通过Android，iOS或Microsoft移动设备等移动设备访问的WebServer.
• 在其前面有代理的WebServer.
• 使用代理访问WebServer的客户端.

这仅对在直接与Jetty服务器通信的自定义HTTP客户端之间受限的事务有用.

This is only useful for transactions limited between custom HTTP clients directly talking to a Jetty server.

Jetty 9.2.6.v20141205的说明

如果您还没有Jetty Base ${jetty.base}目录，请创建一个目录并对其进行初始化.

If you don't have a Jetty Base ${jetty.base} directory yet, create one, and initialize it.

[user]$ mkdir mybase
[user]$ cd mybase
[mybase]$ java -jar /path/to/jetty-distribution-9.2.6.v20141205/start.jar \
            --add-to-start=http,deploy,webapp

编辑${jetty.base}/start.ini

并使用所需的上限更改(或添加)以下属性.

And change (or add) the following property with your desired upper limit.

jetty.request.header.size=8192

没有，没有办法禁用此限制检查.

And no, there is no way to disable this limit check.

每次增加，您都会面对越来越多的问题.

For each increase you open yourself up to greater and greater issues.

从某些浏览器(最终是所有浏览器)开始不发送请求，更不用说码头接收请求了.

Starting with some browsers (and eventually all browsers) not being send the request, let alone jetty receiving it.

与此同时，许多代理服务器处理您的请求的能力开始失败，从而导致连接或请求终止和失败.有时甚至会截断对Jetty的请求.

Meanwhile the ability of many proxy servers to handle your request starts to fail, resulting in terminated and failed connections or requests. Sometimes even truncated requests to Jetty.

每增加一次，您就会在标头中不受限制的范围内暴露各种漏洞，从而使各个小组能够执行需要很少网络流量的基于CPU和基于内存的DOS攻击.

Also each increase exposes you to various vulnerabilities surrounding unchecked limits in headers, resulting in the ability of various groups in executing CPU and Memory based DOS attacks that require very little network traffic to perform.

正确的解决方法:

您确实应该切换到基于POST(或PUT)的请求数据，而不要在HTTP协议的请求标头中发送该数量的数据.

You really should switch to POST (or PUT) based request data, and not be sending that amount of data in the request headers of the HTTP protocol.

这篇关于Dropwizard:如何修复414 Request-URI太长的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！