Setting up protocol security for the Web server

If you set up protocol security, you can filter out requests that may be potential attacks, such as probing for buffer overflows or request parsing errors. If you host third-party applications, set the limits to the most stringent values that still allow the applications to work normally. If the request exceeds the limit, the Web server discards the request and returns an error to the browser.

Procedure

  1. Open the Server document you want to edit and click Edit Server.
  2. Click the Internet Protocols > HTTP and complete these fields:
    Table 1. HTTP Protocol Limits fields
    Field Action
    Maximum URL length

    Enter the maximum size, in KB, allowed for URLs received from HTTP clients. The length includes the query string. The default is 4 KB.

    Increase the default only if you host an application that requires an extremely long URL.

    Maximum number of URL path segments

    Enter the number of segments allowed. The default is 64, which is usually more than enough. A segment is delimited by slashes; for example, the URL /products.nsf/widgets contains two segments.

    Maximum number of request headers

    Enter the total number of HTTP request headers allowed. The default is 48. Normally, there is no need to increase the setting; typical requests sent from browsers usually include less than a dozen headers.

    Maximum size of request headers

    Enter the total length, in KB, of all the headers in the request. The default is 16KB.

    Maximum size of request content

    Enter the total amount of data, in MB, that can be contained in a request. The default is 10MB. The two most common ways for users to send data to the server is by submitting forms or by uploading files. If none of the applications on the server allow users to upload large files, you can probably set this to a much smaller value.