Share via

HTTP Error 400. The size of the request headers is too long

WILCHIS Tito 0 Reputation points
2025-06-10T17:12:56.5133333+00:00

Hi all,

I have this problem about header is too long, after some research I found different solutions about increasing the size of the buffer "large_client_header_buffers 4 16k" but some say it is a registry in regedit (which I don't have and would have to create it), others say in web.config (but the line I should modify doesn't appear either) and others say directly in IIS manager on the affected site in "Request Filtering" in the Headers tab (in which I also have nothing, I would have to add it).

I hope you can help me confirm the solution to my problem. It reads very simply, but the parameter to modify on my server doesn't appear.

Thank you

Windows for business | Windows Server | User experience | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Joseph Tran 770 Reputation points Independent Advisor
    2025-06-11T09:46:54.5+00:00

    I have some recommend for you to try it out and find the solution for this issue :

    - I think you should increase maxRequestLength in web.config for ASP.NET apps

    If your application is ASP.NET, you can increase request size like this:

    <configuration>
  <system.web>
    <httpRuntime maxRequestLength="32768" /> <!-- in KB -->
  </system.web>
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="33554432" /> <!-- in bytes -->
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>

    But this mostly affects POST body size, not headers. So for the headers, you can try this next step bellow:

    - You can set MaxFieldLength and MaxRequestBytes in the Windows Registry (IIS)

    About these registry settings will control how much header data IIS will accept. Heading to this path bellow after type regedit on Run

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

    If the keys are not present, you must create them manually:

    • MaxFieldLength (DWORD) choose Decimal and change it value to 65534
    • MaxRequestBytes (DWORD) choose Decimal and change it value to 65534

    Then you must restart the server or at least the HTTP service after changing this.

    - On IIS Manager > Request Filtering this optional and do it at your own risk

    You can also increase header limits in IIS GUI:

    • Go to your Site > Request Filtering > Edit Feature Settings
    • If "Allow unlisted headers" is disabled, headers not explicitly allowed will be blocked.
    • Under Headers tab, you can define limits for individual header names (e.g., Authorization), but by default it allows all. You can add entries here, though it's not required unless you're being very strict.

     Links for references :

    -https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/site-behavior-performance/clm-http-bad-request

    -https://port135.com/http-400-bad-request-request-header-too-long/

    -https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/site-behavior-performance/clm-http-bad-request-

    -https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-authentication-authorization/http-bad-request-response-kerberos

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.