关于get方式传递字符串的最大长度问题

47次阅读

以前一直以为1024字节(即包括查询字符串在内的url总长度),今天听到有人说256字节…

自己测试了下,发现都不是
firefox,chrome,IE9下,允许的最大长度都为8193字节…

疑问:
这个值到底是依据什么而定的呢?根据我的测试结果,三种浏览器允许的最大长度都一致,这说明应该不是浏览器的问题,那是服务器的配置问题么?如果是的话,是什么配置项起的作用呢?

下面是测试用的代码:
urllenchk.php

$url = 'http://localhost/lab/urllen.php?query=';
    $queryString = str_repeat('a', 8192-strlen($url)+1);
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url.$queryString);
    curl_setopt($curl, CURLOPT_TIMEOUT, 10);
    curl_exec($curl);

urllen.php

echo strlen('http://'.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'])."<br />";
echo strlen($_GET['query']);

RainTaste

RFC文档 Form submission method

get: With the HTTP “get” method, the form data set is appended to the URI specified by the action attribute (with a question-mark (“?”) as separator) and this new URI is sent to the processing agent.

post: With the HTTP “post” method, the form data set is included in the body of the form and sent to the processing agent.

这里面并没有规定get和post的长度,大家所看到的长度限制是由浏览器厂商实现所自己规定的。MSIE是2k,Opera 4K, Firefox 8K. 超出以后会返回414错误.

关于get和post更详细的讨论参见文章http://stackoverflow.com/a/2659995/13…

The limit is dependent on both the server and the client used (and if applicable, also the proxy the server or the client is using).

Most webservers have a limit of 8192 bytes (8KB), which is usually configureable somewhere in the server configuration. As to the client side matter, the HTTP 1.1 specification even warns about this, here’s an extract of chapter 3.2.1:

Note: Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations might not properly support these lengths.

The limit is in MSIE and Safari about 2KB, in Opera about 4KB and in Firefox about 8KB. We may thus assume that 8KB is the maximum possible length and that 2KB is a more affordable length to rely on at the server side and that 255 bytes is the safest length to assume that the entire URL will come in.

If the limit is exceeded in either the browser or the server, most will just truncate the characters outside the limit without any warning. Some servers however may send a HTTP 414 error. If you need to send large data, then better use POST instead of GET. Its limit is much higher, but more dependent on the server used than the client. Usually up to around 2GB is allowed by the average webserver. This is also configureable somewhere in the server settings. The average server will display a server-specific error/exception when the POST limit is exceeded, usually as HTTP 500 error.

Andy

RFC 2616 (Hypertext Transfer Protocol HTTP/1.1) section 3.2.1有以下描述:

The HTTP protocol does not place any a priori limit on the length of
a URI. Servers MUST be able to handle the URI of any resource they serve, and SHOULD be able to handle URIs of unbounded length if they provide GET-based forms that could generate such URIs. A server SHOULD return 414 (Request-URI Too Long) status if a URI is longer than the server can handle (see section 10.4.15).

Note: Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations might not properly support these lengths.

也就是说协议本身并没有限制url最大长度,server可以按照自身能力尽可能处理最大长度,否则返回414错误。
另外在apache配置url最大长度的方法如下:
LimitRequestLine 4094

maoniu

正文完