- From: Simone Bordet <simone.bordet@gmail.com>
- Date: Thu, 29 May 2014 09:39:55 +0200
- To: Willy Tarreau <w@1wt.eu>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Hi, On Thu, May 29, 2014 at 7:25 AM, Willy Tarreau <w@1wt.eu> wrote: > On Thu, May 29, 2014 at 04:52:51PM +1200, Amos Jeffries wrote: >> Personally I am in favour of 64K limit on headers. However, the >> Cookie/Set-Cookie size problem is a hard nut to crack. >> >> Also might I remind that Squid already has a few complaints about our >> 32KB default limit and people patching the code to handle >64KB >> individual header length for auth tokens in NTLM/Negotiate logins when >> (long) lists of groups and SID are encoded inside them. > > FWIW, haproxy ships with a 8kB default limit, and in our appliances > it's even 7kB. We had maybe only twice to explain to people how to > raise the limit, and each time it was because of an application bug > causing cookies to be duplicated for each request, resulting in > requests of several 10s of kB after hundreds of requests. I personally > don't expect such an application bug to drive the protocol limits :-) > > Just like Greg, I think that 8kB is already a high reasonable limit > and that if we push it to 16kB we cover a most usages. It's possible > that Richard's stats include bogus applications and/or attacks BTW. >From Richard's numbers, the headers greater than 16k represent the 0.026% of the hits, so 16 KiB indeed covers most usages. -- Simone Bordet http://bordet.blogspot.com --- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz
Received on Thursday, 29 May 2014 07:40:22 UTC