An Issue with max request uri length

Eric Wong normalperson at yhbt.net
Tue May 8 19:13:48 UTC 2012


Vladislav Shub <vlad at yotpo.com> wrote:
> Hi,
> I have a unicorn server that receives a long http GET request and i
> got 414 Request-URI Too Long.
> After looking around I have found that it's hard coded to 15k (
> global_variables.h:65   DEF_MAX_LENGTH(REQUEST_URI, 1024 * 15);) the
> question is what is the main reason for this restriction

This restriction reduces vectors for attacks (hash collision, memory
exhaustion/fragmentation and most importantly: things we have yet to
think of).

> and can it be overwritten by some configuration and if not can you
> please patch it to work with a configuration?

I'm against adding configuration parameters hardly anybody needs or
uses.  Its more things in the documentation (too much
documentation/options is confusing for users).  This restriction has
been in more widely deployed servers (e.g.  mongrel/thin) for many years
before unicorn and hardly anybody has an issue with it.

Why do you need to such a long URI?  Do you expect users to follow such
long URLs?  How often do you actually see such long URLs from other
applications, perhaps your app is doing something wrong?

Given the prevalence/popularity of URL shorteners, perhaps using shorter
URLs in the first place is a good idea :)


More information about the mongrel-unicorn mailing list