Rewritten URLs with parameter length > 255 don't work
Solution 1
Do you think you are running into a limitation of the file system?
May be the max filename length is of 255 bytes and when apache or the mod_rewrite rule checks if the file exists an error is returned to apache by the operating system.
If you put some rule in your .htaccess file, It's too late to work around the problem. Apache will have already tried to stat the filename and thrown file system error '(36)File name too long', returning a 403 error.
Maybe you could change the URL pattern inside your app. to a max of 255 chars from slash to slash.
EDIT: look here for a detailed answer to this issue. I borrowed mine from there.
Solution 2
There's a similar question about this limit here:
You may be running into a limitation of the underlying file system
I don't know if you're using REQUEST_FILENAME somewhere in you .htaccess configuration, so don't know if the provided solution is going to work.
Related videos on Youtube
philfreo
Updated on September 17, 2022Comments
-
philfreo almost 2 years
I'm using mod_rewrite to rewrite URLs like this:
http://example.com/1,2,3,4/foo/
By doing this in .htaccess:
RewriteEngine On RewriteRule ^([\d,]+)/foo/$ /foo.php?id=$1 [L,QSA]
It works fine, except for when "1,2,3,4" turns into a string longer than 255 characters, Apache returns a "403 Forbidden".
There is no problem visiting
foo.php?id=1,2,3,4
directly, even with a very long id string, however this isn't an option for me.Is there some Apache or other setting I should tweak?
UPDATE: I turned RewriteLog on with RewriteLogLevel 9. With a short id string, I get several lines in my log file. But when the id string is greater than 255 chars., nothing is logged (seems as though mod_rewrite isn't even executing?).
If you find this question interesting/helpful, please upvote it.
-
philfreo about 14 yearsThat makes sense, but nope, I'm not. I edited my question to include the .htaccess file in its entirety. Other ideas?
-
philfreo about 14 yearsSee update to question. And no, I don't see a mod_security file in
/usr/include/apache2/
or/usr/lib/apache2/modules/
(but I do see mod_rewrite there) so I'm assuming it's not installed. -
philfreo about 14 yearsReally? There's no way to do this in Apache?
-
philfreo about 14 yearsYes, this is currently all we can do, I'm hoping for a workaround or setting tweak though.
-
Stefan Lasiewski about 14 yearsMicrospino, Looks like you cut and pasted part of your answer from @Jeff Clark's answer here: serverfault.com/questions/120397/… . You should hyperlink to that answer, so that he gets some notoriety.
-
microspino about 14 years@Stefan lasieswski: you're right, I added a reference.
-
Stefan Lasiewski about 14 yearsAccording to "Apache mod_rewrite Technical Details" at httpd.apache.org/docs/trunk/rewrite/tech.html "Although mod_rewrite rewrites URLs to URLs, URLs to filenames and even filenames to filenames, the API currently provides only a URL-to-filename hook.". So even though you are not hitting an actual file, maybe the URL to filename hook is hitting the OS resource limit?
-
HorusKol about 14 yearsso, you're thinking maybe Apache is trying to stat the requested file regardless - I mean, that could be the only way to explain that the too long URL isn't even being picked up by the rewrite engine...
-
microspino about 14 yearsYes this is my idea, although I think that in general having so long urls and filenames should be avoided for a number of reasons. So the best advice I could think maybe is to change something in the URL pattern if the filename isn't already too long.