- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 29 May 2014 07:25:44 +0200
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: ietf-http-wg@w3.org
On Thu, May 29, 2014 at 04:52:51PM +1200, Amos Jeffries wrote: > Personally I am in favour of 64K limit on headers. However, the > Cookie/Set-Cookie size problem is a hard nut to crack. > > Also might I remind that Squid already has a few complaints about our > 32KB default limit and people patching the code to handle >64KB > individual header length for auth tokens in NTLM/Negotiate logins when > (long) lists of groups and SID are encoded inside them. FWIW, haproxy ships with a 8kB default limit, and in our appliances it's even 7kB. We had maybe only twice to explain to people how to raise the limit, and each time it was because of an application bug causing cookies to be duplicated for each request, resulting in requests of several 10s of kB after hundreds of requests. I personally don't expect such an application bug to drive the protocol limits :-) Just like Greg, I think that 8kB is already a high reasonable limit and that if we push it to 16kB we cover a most usages. It's possible that Richard's stats include bogus applications and/or attacks BTW. regards, Willy
Received on Thursday, 29 May 2014 05:27:38 UTC