When working with modern web applications that rely heavily on client-side JavaScript frameworks and plugins, you might encounter the frustrating error:
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.This occurs because Apache HTTP Server has a default LimitRequestFieldSize of 8190 bytes (8KB) for individual header fields. When your application uses plugins that store large amounts of data in cookies or custom headers, you can easily hit this limit.
The most reliable places to set this directive are:
- Main Apache Configuration (recommended for production):
- Virtual Host Configuration:
# In httpd.conf or apache2.conf
LimitRequestFieldSize 16380<VirtualHost *:80>
ServerName example.com
LimitRequestFieldSize 32760
# Other directives...
</VirtualHost>Important Note: While .htaccess files can theoretically accept this directive, many shared hosting providers disable this for security reasons. The directive must appear in a context where AllowOverride Limit is enabled.
After making changes, verify they're active:
# For Mac/Linux:
apachectl -t -D DUMP_RUN_CFG | grep LimitRequestFieldSize
# Alternative method:
curl -I localhost | grep -i 'limit'If you can't modify server settings, consider these approaches:
// JavaScript solution - reduce cookie size
document.cookie = "compressedData=" + LZString.compressToUTF16(JSON.stringify(data));
// PHP solution - split large cookies
$chunks = str_split($large_data, 4000);
foreach ($chunks as $i => $chunk) {
setcookie("data_$i", $chunk, time()+3600, '/');
}While increasing LimitRequestFieldSize solves immediate problems, be aware that:
- Larger headers increase memory usage per connection
- May impact performance under heavy load
- Could expose you to potential DoS attacks
The sweet spot is typically between 16KB-32KB for most applications. Monitor your server's performance after making changes.
If changes don't take effect:
- Check for multiple
LimitRequestFieldSizedirectives (last one wins) - Ensure you're editing the correct httpd.conf (MAMP uses custom paths)
- Verify syntax with
apachectl configtest - Check error logs:
tail -f /var/log/apache2/error.log
For MAMP PRO users on macOS, the configuration path is typically:
/Applications/MAMP/conf/apache/httpd.conf
When working with jQuery plugins or modern web applications that rely heavily on cookie-based sessions, you might encounter this frustrating Apache error:
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.
The LimitRequestFieldSize directive is one of those rare Apache configurations that cannot be set in .htaccess files. This is because it's considered a server security and performance setting that should be managed at the server configuration level.
For MAMP users on Mac OSX, you'll need to modify the main Apache configuration file. Here's the typical path:
/Applications/MAMP/conf/apache/httpd.conf
Open httpd.conf and search for "LimitRequestFieldSize". If it exists, modify the value. If not, add this line in the main configuration section:
# Set maximum request header field size to 16KB
LimitRequestFieldSize 16380
For enterprise applications with very large cookies, you might need even higher values:
# Extreme case for complex SSO implementations
LimitRequestFieldSize 32760
Remember that increasing this value affects server performance and memory usage. Always:
- Restart Apache after making changes
- Consider optimizing your cookie usage if possible
- Monitor server performance after increasing the limit
After restarting Apache, you can verify the new setting is active by creating a PHP test file:
<?php
// Output all Apache directives
print_r(apache_get_modules());
print_r(apache_get_configuration());
?>
Or check from terminal:
apachectl -t -D DUMP_CONFIG | grep LimitRequestFieldSize
If you can't modify the main Apache config (e.g., in shared hosting), consider:
- Reducing cookie size by storing only essential data
- Using session storage instead of cookies where possible
- Implementing token-based authentication with smaller headers