Why is the total amount of character in a GET limited?

2018-06-14 20:04:24

I want to ask some question about the following quote taken from Head First Servlets and JSP, Second Edition book:

The total amount of characters in a GET is really limited (depending on the server). If the user types, say, a long passage into a “search” input box, the GET might not work.

Why is the total amount of characters in a GET limited?

How can I learn about the total amount of character in a Get?

When I said a long text into any input box, and GET is not working. How many solution do I have to fix this problem.

Why is the get method limited?

There is no specific limit to the length of a GET request. Different servers can have different limits. If you need to send more data to the server, use POST instead of GET. A recommended minimum to be supported by servers and browsers is 8,000 bytes, but this is not required.

RFC 7230's Section 3.1.1 "Request Line" says

HTTP does not place a predefined limit on the length of a request-line, as described in Section 2.5. A server that receives a method longer than any that it implements SHOULD respond with a 501 (Not Implemented) status code. A server that receives a request-target longer than any URI it wishes to parse MUST respond with a 414 (URI Too Long) status code (see Section 6.5.12 of RFC7231).

Various ad hoc limitations on request-line length are found in practice. It is RECOMMENDED that all HTTP senders and recipients support, at a minimum, request-line lengths of 8000 octets.

Section 2.5 "Conformance and Error Handling" says

HTTP does not have specific length limitations for many of its protocol elements because the lengths that might be appropriate will vary widely, depending on the deployment context and purpose of the implementation. Hence, interoperability between senders and recipients depends on shared expectations regarding what is a reasonable length for each protocol element. Furthermore, what is commonly understood to be a reasonable length for some protocol elements has changed over the course of the past two decades of HTTP use and is expected to continue changing in the future.

and RFC 7231's Section 6.5.12 "414 URI Too Long" says

The 414 (URI Too Long) status code indicates that the server is refusing to service the request because the request-target (Section 5.3 of [RFC7230]) is longer than the server is willing to interpret. This rare condition is only likely to occur when a client has improperly converted a POST request to a GET request with long query information, when the client has descended into a "black hole" of redirection (eg, a redirected URI prefix that points to a suffix of itself) or when the server is under attack by a client attempting to exploit potential security holes.

The 'get'-data is send in the query string - which also has a maximum length.

You can do all kind of things with the query string, eg bookmark it. Would you really like to bookmark a real huge text?

It is possible to configure moste servers to use larger length - some clients will accept them, some will throw errors.

"Note: Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations might not properly support these lengths." HTTP 1.1 specification chapter 3.2.1:.

There is also a status code "414 Request-URI Too Long" - if you get this you will know that you have put to many chars in the get. (If you hit the server limit, if the client limit is lower then the server limit each browser will react in it's own way).

Generally it would be wise to set a limit for each data being send to a server - just if someones tries to make huge workload or slow down the server (eg send a huge file - 1 server connection is used. slow down the transmission, make additional sends - at some point the server wil have a lot of connections open. Use multiple clients and you have an attack scenario on a server).

链接地址: http://www.djcxy.com/p/42174.html

上一篇: 具有查询字符串中的许多项目的HTTP GET请求

下一篇: 为什么GET中字符的总量有限？