Is it browser dependent? Also, do different web stacks have different limits on how much data they can get from the request?
它是依赖于浏览器吗?另外,不同的web栈对于从请求中获得的数据有不同的限制吗?
4 个解决方案
#1
824
RFC 2616 (Hypertext Transfer Protocol — HTTP/1.1) states there is no limit to the length of a query string (section 3.2.1). RFC 3986 also states there is no limit, but indicates the hostname is limited to 255 characters because of DNS limitations (section 2.3.3).
RFC 2616(超文本传输协议—HTTP/1.1)声明查询字符串的长度没有限制(第3.2.1节)。RFC 3986也表示没有限制,但表示由于DNS限制,主机名被限制为255个字符(第2.3.3节)。
While the specifications do not specify any maximum length, practical limits are imposed by web browser and server software. Based on the research found at Boutell.com:
虽然规范没有指定任何最大长度,但是web浏览器和服务器软件对实际的限制是强加的。根据布特尔网站上的研究发现:
-
Microsoft Internet Explorer (Browser)
Microsoft states that the maximum length of a URL in Internet Explorer is 2,083 characters, with no more than 2,048 characters in the path portion of the URL. Attempts to use URLs longer than this produced a clear error message in Internet Explorer.Microsoft Internet Explorer(浏览器)Microsoft声明Internet Explorer中URL的最大长度为2083个字符,URL的路径部分不超过2048个字符。尝试使用超过此长度的url会在Internet Explorer中产生明显的错误消息。
-
Microsoft Edge (Browser)
The limit appears to be around 81578 characters. See URL Length limitation of Microsoft Edge微软Edge(浏览器)的限制似乎在81578个字符左右。参见Microsoft Edge的URL长度限制。
-
Chrome
It stops displaying the URL after 64k characters, but can serve more than 100k characters. No further testing was done beyond that.Chrome在64k字符后停止显示URL,但可以服务超过100k字符。除此之外没有做进一步的测试。
-
Firefox (Browser)
After 65,536 characters, the location bar no longer displays the URL in Windows Firefox 1.5.x. However, longer URLs will work. No further testing was done after 100,000 characters.在65,536个字符后,位置栏不再显示Windows Firefox 1.5.x中的URL。然而,更长的url将会工作。在10万个字符之后,没有做进一步的测试。
-
Safari (Browser)
At least 80,000 characters will work. Testing was not tried beyond that.Safari(浏览器)至少可以使用8万个字符。除此之外,没有进行测试。
-
Opera (Browser)
At least 190,000 characters will work. Stopped testing after 190,000 characters. Opera 9 for Windows continued to display a fully editable, copyable and pasteable URL in the location bar even at 190,000 characters.Opera浏览器(浏览器)至少有19万个字符。在19万字符后停止测试。Windows的Opera 9继续在位置栏中显示一个完全可编辑、可复制和可粘贴的URL,即使是190,000个字符。
-
Apache (Server)
Early attempts to measure the maximum URL length in web browsers bumped into a server URL length limit of approximately 4,000 characters, after which Apache produces a "413 Entity Too Large" error. The current up to date Apache build found in Red Hat Enterprise Linux 4 was used. The official Apache documentation only mentions an 8,192-byte limit on an individual field in a request.Apache(服务器)早期尝试测量web浏览器中遇到的大约4000个字符的服务器URL长度限制的最大URL长度,之后Apache会产生“413个实体太大”的错误。使用了Red Hat Enterprise Linux 4中最新的Apache构建。官方的Apache文档只在请求的单个字段中提到了一个8,192字节的限制。
-
Microsoft Internet Information Server (Server)
The default limit is 16,384 characters (yes, Microsoft's web server accepts longer URLs than Microsoft's web browser). This is configurable.微软Internet Information Server(服务器)默认限制为16384个字符(是的,微软的web服务器接受的url比微软的web浏览器长)。这是可配置的。
-
Perl HTTP::Daemon (Server)
Up to 8,000 bytes will work. Those constructing web application servers with Perl's HTTP::Daemon module will encounter a 16,384 byte limit on the combined size of all HTTP request headers. This does not include POST-method form data, file uploads, etc., but it does include the URL. In practice this resulted in a 413 error when a URL was significantly longer than 8,000 characters. This limitation can be easily removed. Look for all occurrences of 16x1024 in Daemon.pm and replace them with a larger value. Of course, this does increase your exposure to denial of service attacks.Perl HTTP:::守护进程(服务器)最多可工作8000字节。那些使用Perl的HTTP::守护进程模块构建web应用服务器的人将会遇到所有HTTP请求头的合并大小的16384字节限制。这并不包括方法后的表单数据、文件上传等等,但是它包含了URL。在实际操作中,当URL的长度超过8000个字符时,会导致413个错误。这种限制可以很容易地消除。查找守护进程中出现的所有16x1024。用较大的值替换它们。当然,这确实增加了拒绝服务攻击的风险。
#2
7
I'm assuming you mean max length for a uri string. This may help.
我假设你是指uri字符串的最大长度。这可能有帮助。
Typically once URI's get unreadable because they are too long, it's time to use a POST request instead.
通常,一旦URI变得不可读,因为它们太长,就应该使用POST请求。
#3
1
Different web stacks do support different lengths of http-requests. I know from experience that the early stacks of Safari only supported 4000 characters and thus had difficulty handling ASP.net pages because of the USER-STATE. This is even for POST, so you would have to check the browser and see what the stack limit is. I think that you may reach a limit even on newer browsers. I cannot remember but one of them (IE6, I think) had a limit of 16-bit limit, 32,768 or something.
不同的web堆栈支持不同长度的http请求。我从经验中知道,早期的Safari栈只支持4000个字符,因此由于用户状态的原因,无法处理ASP.net页面。这甚至适用于POST,因此您必须检查浏览器并查看堆栈限制是什么。我认为即使在更新的浏览器上,你也可能会达到极限。我不记得了,其中有一个(我想是IE6)的限制是16位,32,768之类的。
#4
0
Although officially there is no limit, many security configuration recommendations state that maxQueryStrings on a server should be set to a maximum character limit of 1024 while the entire url including the query string should be set to a max of 2048 characters. This is to prevent the Slow HTTP Request vulnerability on a web server to prevent slow DDOS attacks.
虽然官方上没有限制,但许多安全配置建议指出,服务器上的maxquerystring应该设置为最大字符限制为1024,而包括查询字符串在内的整个url应该设置为最多2048个字符。这是为了防止web服务器上的缓慢HTTP请求漏洞,以防止缓慢的DDOS攻击。
#1
824
RFC 2616 (Hypertext Transfer Protocol — HTTP/1.1) states there is no limit to the length of a query string (section 3.2.1). RFC 3986 also states there is no limit, but indicates the hostname is limited to 255 characters because of DNS limitations (section 2.3.3).
RFC 2616(超文本传输协议—HTTP/1.1)声明查询字符串的长度没有限制(第3.2.1节)。RFC 3986也表示没有限制,但表示由于DNS限制,主机名被限制为255个字符(第2.3.3节)。
While the specifications do not specify any maximum length, practical limits are imposed by web browser and server software. Based on the research found at Boutell.com:
虽然规范没有指定任何最大长度,但是web浏览器和服务器软件对实际的限制是强加的。根据布特尔网站上的研究发现:
-
Microsoft Internet Explorer (Browser)
Microsoft states that the maximum length of a URL in Internet Explorer is 2,083 characters, with no more than 2,048 characters in the path portion of the URL. Attempts to use URLs longer than this produced a clear error message in Internet Explorer.Microsoft Internet Explorer(浏览器)Microsoft声明Internet Explorer中URL的最大长度为2083个字符,URL的路径部分不超过2048个字符。尝试使用超过此长度的url会在Internet Explorer中产生明显的错误消息。
-
Microsoft Edge (Browser)
The limit appears to be around 81578 characters. See URL Length limitation of Microsoft Edge微软Edge(浏览器)的限制似乎在81578个字符左右。参见Microsoft Edge的URL长度限制。
-
Chrome
It stops displaying the URL after 64k characters, but can serve more than 100k characters. No further testing was done beyond that.Chrome在64k字符后停止显示URL,但可以服务超过100k字符。除此之外没有做进一步的测试。
-
Firefox (Browser)
After 65,536 characters, the location bar no longer displays the URL in Windows Firefox 1.5.x. However, longer URLs will work. No further testing was done after 100,000 characters.在65,536个字符后,位置栏不再显示Windows Firefox 1.5.x中的URL。然而,更长的url将会工作。在10万个字符之后,没有做进一步的测试。
-
Safari (Browser)
At least 80,000 characters will work. Testing was not tried beyond that.Safari(浏览器)至少可以使用8万个字符。除此之外,没有进行测试。
-
Opera (Browser)
At least 190,000 characters will work. Stopped testing after 190,000 characters. Opera 9 for Windows continued to display a fully editable, copyable and pasteable URL in the location bar even at 190,000 characters.Opera浏览器(浏览器)至少有19万个字符。在19万字符后停止测试。Windows的Opera 9继续在位置栏中显示一个完全可编辑、可复制和可粘贴的URL,即使是190,000个字符。
-
Apache (Server)
Early attempts to measure the maximum URL length in web browsers bumped into a server URL length limit of approximately 4,000 characters, after which Apache produces a "413 Entity Too Large" error. The current up to date Apache build found in Red Hat Enterprise Linux 4 was used. The official Apache documentation only mentions an 8,192-byte limit on an individual field in a request.Apache(服务器)早期尝试测量web浏览器中遇到的大约4000个字符的服务器URL长度限制的最大URL长度,之后Apache会产生“413个实体太大”的错误。使用了Red Hat Enterprise Linux 4中最新的Apache构建。官方的Apache文档只在请求的单个字段中提到了一个8,192字节的限制。
-
Microsoft Internet Information Server (Server)
The default limit is 16,384 characters (yes, Microsoft's web server accepts longer URLs than Microsoft's web browser). This is configurable.微软Internet Information Server(服务器)默认限制为16384个字符(是的,微软的web服务器接受的url比微软的web浏览器长)。这是可配置的。
-
Perl HTTP::Daemon (Server)
Up to 8,000 bytes will work. Those constructing web application servers with Perl's HTTP::Daemon module will encounter a 16,384 byte limit on the combined size of all HTTP request headers. This does not include POST-method form data, file uploads, etc., but it does include the URL. In practice this resulted in a 413 error when a URL was significantly longer than 8,000 characters. This limitation can be easily removed. Look for all occurrences of 16x1024 in Daemon.pm and replace them with a larger value. Of course, this does increase your exposure to denial of service attacks.Perl HTTP:::守护进程(服务器)最多可工作8000字节。那些使用Perl的HTTP::守护进程模块构建web应用服务器的人将会遇到所有HTTP请求头的合并大小的16384字节限制。这并不包括方法后的表单数据、文件上传等等,但是它包含了URL。在实际操作中,当URL的长度超过8000个字符时,会导致413个错误。这种限制可以很容易地消除。查找守护进程中出现的所有16x1024。用较大的值替换它们。当然,这确实增加了拒绝服务攻击的风险。
#2
7
I'm assuming you mean max length for a uri string. This may help.
我假设你是指uri字符串的最大长度。这可能有帮助。
Typically once URI's get unreadable because they are too long, it's time to use a POST request instead.
通常,一旦URI变得不可读,因为它们太长,就应该使用POST请求。
#3
1
Different web stacks do support different lengths of http-requests. I know from experience that the early stacks of Safari only supported 4000 characters and thus had difficulty handling ASP.net pages because of the USER-STATE. This is even for POST, so you would have to check the browser and see what the stack limit is. I think that you may reach a limit even on newer browsers. I cannot remember but one of them (IE6, I think) had a limit of 16-bit limit, 32,768 or something.
不同的web堆栈支持不同长度的http请求。我从经验中知道,早期的Safari栈只支持4000个字符,因此由于用户状态的原因,无法处理ASP.net页面。这甚至适用于POST,因此您必须检查浏览器并查看堆栈限制是什么。我认为即使在更新的浏览器上,你也可能会达到极限。我不记得了,其中有一个(我想是IE6)的限制是16位,32,768之类的。
#4
0
Although officially there is no limit, many security configuration recommendations state that maxQueryStrings on a server should be set to a maximum character limit of 1024 while the entire url including the query string should be set to a max of 2048 characters. This is to prevent the Slow HTTP Request vulnerability on a web server to prevent slow DDOS attacks.
虽然官方上没有限制,但许多安全配置建议指出,服务器上的maxquerystring应该设置为最大字符限制为1024,而包括查询字符串在内的整个url应该设置为最多2048个字符。这是为了防止web服务器上的缓慢HTTP请求漏洞,以防止缓慢的DDOS攻击。