400 Bad Request

walidabualafia · February 26, 2024, 3:33pm

Hi All,

I am currently managing an Open OnDemand instance in my institution, and we keep seeing this error come up:

# Bad Request

Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

The error is not persistent. It comes up every once in a while. If you open OnDemand from an incognito tab or new browser it works. Also, if you try again with the problematic browser hours after, it works. I am so confused.

Any idea why this is happening? Any idea how to get around it?

Thanks!

hrandquist · February 26, 2024, 5:12pm

Hello! It sounds like this is something that would show up in the Apache logs (Logging — Open OnDemand 3.1.0 documentation) - Is it possible for you to catch this your error logs and share that?

walidabualafia · February 26, 2024, 10:04pm

Hi @hrandquist,

I did not find anything useful in the logs. In fact, my account’s access.log/error.log were blank. No error/access gzip files were generated with today’s date.

Any clue what the error might look like?

Thank you!

walidabualafia · February 26, 2024, 11:34pm

Just got the error, and I can confirm that it is not reflected in the ondemand-nginx logs. Neither error.log, nor access.log.

hrandquist · February 27, 2024, 2:34pm

So this is likely to do with OIDC headers or other auth headers. Can you tell me more about how your authentication is set up?

walidabualafia · February 27, 2024, 2:45pm

@hrandquist so I am using OIDC for auth. These are some of my OIDC settings (I believe most are default values):

oidc_settings:
  OIDCPassIDTokenAs: "serialized"
  OIDCPassRefreshToken: "On"
  OIDCPassClaimsAs: "environment"
  OIDCStripCookies: "mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1"
  OIDCResponseType: "code"

These are some other OIDC values as well:

oidc_scope: "openid profile email"
oidc_session_max_duration: 28800
oidc_state_max_number_of_cookies: "10 true"

Thank you for following up and for your help!

hrandquist · February 27, 2024, 4:32pm

OK, after some research, I’ve found this has to do with the number of cookies being sent via request headers. You can use oidc_state_max_number_of_cookies to increase this limit. You can read more about the variable that’s being set here: mod_auth_openidc/auth_openidc.conf at master · OpenIDC/mod_auth_openidc · GitHub and definitely let me know if you have more questions.

Edit: Forgive me, I mispoke - you want to decrease the max number of cookies so that the header size is smaller.

walidabualafia · April 23, 2024, 1:52pm

Hi @hrandquist,

Sorry to loop back in way later. Original solution somewhat worked, with a caveat.

I took your previous advice, and lowered the number of oidc_state_max_number_of_cookies from 10 to 5. This made the error less prevalent, but it still comes up every once in a while. Can you tell me more about the effect of this variable?

If I lower it all the way down to 1, how would the user’s experience get affected?

Please let me know.

Best,
Walid

Topic		Replies	Views
Stability Issues using OnDemand Get Help	4	940	May 26, 2022
Occasional "403 Forbidden" error Get Help	2	654	May 26, 2022
Anyone else httpd "client denied" errors in logs? Get Help	8	1527	May 26, 2022
Internal Server Error for a Single User Get Help ondemand2 , question	3	58	March 1, 2024
Proxy Error: The proxy server received an invalid response from an upstream server Get Help	12	224	November 29, 2023

400 Bad Request

Related Topics