Skip to main content
Version: Release 24.3

Configure maximum size of the HTTP request header

With the maximum size of the HTTP request header set to 8KB (8192 bytes) it becomes difficult to pass the authentication tokens and scopes in headers. Hence with Release 24.1 and later, you can use the server.max-http-request-header-size parameter to configure the maximum size of the HTTP request header that the Release server can accept. Setting an appropriate value for this parameter depends on the specifics of your application and environment.

If your Release application requires large headers due to extensive use of cookies, custom headers, or complex authentication schemes, you may need to increase this value of the server.max-http-request-header-size parameter in the xl-release.conf file. For example, in the xl-release.conf file, you must set the value as follows:

server.max-http-request-header-size=16384

Recommendations

  • Start with the default value (e.g., 8KB) and monitor your Release application's behavior.
  • Incrementally increase the value if you encounter issues related to header size. Common increments are 16KB, 32KB, or even higher, depending on your needs.
  • Review application logs and performance metrics to ensure that the new setting does not introduce any new issues or vulnerabilities.