URL 路径中的段的安全最大长度应该是多少? [英] What is a safe maximum length a segment in a URL path should be?
问题描述
很多人都在问URL 的最大长度是多少?"但据我所知,没有人问这个问题:><块引用>
URL 路径中的段的安全最大长度应该是多少?
我认为这个问题同样重要.
这个问题是一个通用问题,旨在支持尽可能多的开箱即用系统.
在 C# 中,您可以从传入的请求中获取 URL 路径段列表,安装安全模块后,URL 路径中的段在这种情况下可以达到的最大长度是多少?
我在以下页面上读到超过 260 个字符的 URL 路径段可能会导致自定义 ASP.NET 模块出现问题:
在网络浏览器中,无论您访问哪个网站,您都会输入 URL 段,/ 是通常映射到主页的 URL 路径段.Internet Explorer、Chrome 和 Firefox 是流行的浏览器,它们支持的 URL 路径段长度的最大长度是多少?
我可以从以下资源中看到,不同浏览器的 URL 路径的最大长度不同,并且这个数字有时相当高:
但这是路径而不是路径段.
我也知道在重写路径时,底层文件系统路径长度会起作用,我所看到的支持的大概数字在 *nix 操作系统中大约为 255 个字符.
其他注意事项包括数据库表中 URL 路径段的最大长度.例如,在 MySQL 中,varchar 列最多可以包含 255 个字符,但是否存在这种情况,人们是在 MySQL 的表中存储路径段还是在 varchar 列中存储完整的 URL?这是否意味着 255 个字符对于 URL 路径段来说太长了?
是否有任何关于 URL 路径段可以有多长的 W3C 规范,因为我什么都看不到?
我确实阅读了关于 URI 的 W3C 规范,但我没有发现任何有用的东西:
我对 URL 路径段的长度没有固定标准感到很困惑,所以我可能遗漏了什么?
我真的在寻找尽可能多的关于不同系统支持什么的信息,以及什么被认为是 URL 路径段的安全长度.
简而言之
根据 HTTP 规范,URL 的长度没有限制.将您的网址保持在 2048 个字符以下;这将确保 URL 在所有客户端中都有效.服务器配置.此外,搜索引擎喜欢将 URL 保持在大约 2000 个字符以下.
Chrome 对 URL 有 2MB 的限制,IE8 和 9 有 2084 个字符的限制.因此,一切都指向将您的 URL 限制为大约.2000 个字符.
此外,从可用性的角度来看,用户无法使用/读取过长的 URL.
但是,域名有一个最大值.长度为 255 个字符.所以为了安全起见,最大.考虑到您的 URL 存在于 1 个段中,因此 URL 段的长度约为 1745 个字符.
A lot of people are asking "What is the maximum length a URL can be?" but as far as I can see nobody is asking the question:
What is a safe maximum length a segment in a URL path should be?
I think this question is equally as important.
This question is a general question aimed at supporting as many systems out of the box as possible.
In C#, you can get a list of URL path segments from an incoming request, with security modules installed what is considered the maximum length a segment in a URL path can be for this scenario?
I've read on the following page that URL path segments over 260 characters can cause problems in custom ASP.NET modules:
In web browsers, you type URL segments regardless of what website you visit, / is a URL path segment which is usually mapped to a homepage. With Internet Explorer, Chrome and Firefox being popular browsers, what is the maximum length of a URL path segment length they support?
I can see from the following resource that the maximum length of a URL path differs for different browsers and the figure is sometimes quite high:
But this is a path and not a path segment.
I'm also aware that when rewriting paths, the underlying file system path length comes into play, and the ball park figure of what I can see supported is around 255 characters in a *nix OS.
Other considerations include the maximum length of a URL path segment in a database table. For instance, in MySQL a varchar column can contain up to 255 characters, but is there a case for this, are people storing segments of paths in tables in MySQL or are people storing full URL's in varchar columns? Could this mean 255 characters is too long for a URL path segment?
Is there any W3C specification on how long a URL path segment can be as I can't spot anything?
I did read the W3C specification on URI's but again I didn't spot anything of use:
I'm quite baffled that there is no set standard on what a length a URL path segment should be, so maybe I am missing something?
I'm really looking for as much information as possible on what different systems support, and what is considered a safe length for a URL path segment.
Possibly related of What is the maximum length of a URL in different browsers?
In short
According to the HTTP spec, there is no limit to a URL's length. Keep your URLs under 2048 characters; this will ensure the URLs work in all clients & server configurations. Also, search engines like URLs to remain under approximately 2000 characters.
Chrome has a 2MB limit for URLs, IE8 and 9 have a 2084 character limit. So everything points in keeping your URLs limited to approx. 2000 characters.
Also, from a usability point-of-view, URLs that long are not usable/readable by users.
However, the domain name has a max. length of 255 characters. So to be on the safe side, the max. length of an URL segment would be around 1745 characters, given that your URL exists out of 1 segment.
这篇关于URL 路径中的段的安全最大长度应该是多少?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
