Jira users receiving the error 400 Bad Request: Message Request header is too large
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Requests with long Request Headers may receive the error "400 Bad Request: Message Request header is too large" error when trying to access Jira.
Diagnosis
- Collect a HAR file to inspect the request receiving the error 400;
- Collect a support.zip to check if the request was issued by Jira (for instance, as happened on this Jira issue: JSWSERVER-20190 - Getting issue details... STATUS ).
Cause
This error message occurs when the header size in the HTTP request is bigger than the limit set in the webserver or application server.
Apache Tomcat limits the allowed size of the request and response HTTP header, specified in bytes using the attribute maxHttpHeaderSize. If not specified, this attribute is set to a default value, depending on the Apache Tomcat version.
Jira does configure Tomcat with the value maxHttpHeaderSize="8192".
Solution
1) Client-side:
- Clear Browser Cache.
- Clear Browser Cookies.
- File Upload Exceeds Server Limit.
- Deactivate Browser Extensions.
2) Server-side
Increase the max header size following the steps:
- Shutdown Jira.
- Edit <jira install>/conf/server.xml and increase the value of maxHttpHeaderSize to a higher size, for instance, "12288":
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="12288" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>- Restart Jira.
3) Proxy-side
If you are using a reverse proxy, you also need to make sure to set the request line limit to the same size:
- Apache Core Limits
- Nginx - Module ngx_http_core_module
- HAProxy - increase tune.bufsize / tune.maxrewrite
- Microsoft IIS:
maxQueryStringLengthneed to be adjusted from 2048 to 32768 (Bytes)maxUrlLengthneed to be adjusted from 4096 to 65536 (Bytes)
Please ensure the maxHttpHeaderSize is set on the same proxy tomcat connector port so it does not limit the request header even though you have already set a higher value of header size on the proxy side.