I have a problem configuring httpd to accept large SPNEGO authentication headers. The request work fine with Authorization header line of up to at least 5674 bytes but break with Authorization header of more than 6178 bytes with the following answer :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Size of a request header field exceeds server limit.</p>
</body></html>
And the following error in server log (debug level)
[Thu Aug 23 07:26:31 2018] [error] [client x.x.x.x] request failed: error reading the headers
Here is an excert of the server-info page we have activated to ensure that the LimitRequestFieldSize was high enough
129: LimitRequestBody 52428800
130: LimitRequestFields 50
131: LimitRequestFieldsize 40960
132: LimitRequestLine 40960
The server is running RHEL 6.7 with stock httpd server
$ httpd -V
Server version: Apache/2.2.15 (Unix)
Server built: Mar 3 2015 12:06:14
Server's Module Magic Number: 20051115:25
Server loaded: APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
