MAXURL size allowed for a URL in Web Agent Apache and IIS
search cancel

MAXURL size allowed for a URL in Web Agent Apache and IIS


Article ID: 198326


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



When running a Web Agent protecting one application, and redirecting requests to another Web Agent, then the request fails to say that the URL is too long. Is there are security concerns to raising the IIS MaxURL to 8k?




Web Agent 12.52SP1CR10;




There are any known security concerns from our documentation, and Microsoft documentation either. It seems there's no limit to the value according to Microsoft (1).

More, some experiences have been reported where IIS maxQueryString configuration might help to handle long URLs (2)(3).

The feature maxURL is something from IIS functionality (4).

There's no known limit at the Web Agent level.

There's no feature known as MaxURL for Apache. 

Be aware that there are some limitations on Apache and also on the browsers too (5)(6).


Additional Information



    Request Limits <requestLimits>


    404 error with login.fcc with SP Initiated SAML 2.0


    iOS Gmail app shows blank page on login.fcc


    Request Limits <requestLimits>

      maxUrl Optional uint attribute.

      Specifies maximum length of the URL, in bytes.

      The default value is 4096.



    What is apache's maximum url length?

      The default limit for the length of the request line is 8190 bytes
      (see LimitRequestLine directive). And if we subtract three bytes for
      the request method (i.e. GET), eight bytes for the version
      information (i.e. HTTP/1.0/HTTP/1.1) and two bytes for the
      separating space, we end up with 8177 bytes for the URI path plus


      Did you have to recompile to use such large values? My version
      (2.2.15) silently ignores LimitRequestLine directives over 8190
      unless recompiled with the added CFLAG "-D
      DEFAULT_LIMIT_REQUEST_LINE=16384" (then it allows up to 16384)



    What is the maximum length of a URL in different browsers?

      Extremely long URLs are usually a mistake. URLs over 2,000
      characters will not work in the most popular web browsers. Don't use
      them if you intend your site to work for the majority of Internet


      As of Jan 2020, the advice still stands. Even though IE11 may
      possibly accept longer URLs, the ubiquity of older IE installations
      plus the search engine limitations mean staying under 2000 chars is
      the best general policy.