|
Example Microsoft URL that returns a Bad Request
https://t.co/gWCNCg4an9
which expands to
https://openedx.microsoft.com/courses/course-v1:Microsoft+AZURE202x+2017_T2/about
This is new Microsoft Learning site hosted on Azure (Microsoft's cloud service) using Open e dX[3] an open source training platform from Harvard and MIT.
[1][2]
Explanation
This is normally caused by having a very large Cookie being used that exceeds the limit set for the Web Server, serving the page.
In other words the developer of site created a very large Cookie, without testing this properly on the Web Server that website is running on. This is known as edge testing and can be part of IST (Integration System Testing).
Solution
However, for other sites clear you cookies for that domain will do the trick.
You can check this using this my post[5] on "This site can't be reached", to clear multiple cookies.
In Mozilla Firefox, for the site https://openedx.microsoft.com/ sets a csrftoken cookie, but not in Chrome. Chromes doesn't even have a chance to set a cookie yet.
https://openedx.microsoft.com/ is running on Nginx server. Read my post on how to get the server manufacturer.
This error will be resolved quickly, because they cannot negate Chrome representing 60% of market share[8] for long.
User Microsoft IE or Mozilla Firefox browser instead.
[6][7]Why NGIX Server Hosted Websites?
Lately the Bad Request error is occurring many times on Microsoft and Microsoft Affiliated Websites when using Chrome.
One began to suspect that this was a ploy by Microsoft to generate traffic for IE. However, most likely its just poor developer testing.
For sites hosted on NGIX servers, this header buffer size[9] is only 8k.
Syntax: | large_client_header_buffers number size ; |
---|---|
Default: | large_client_header_buffers 4 8k; |
Context: | http , server |
This is a tricky error to catch as it only affects people who have cookies over the allotted capacity. Some of your users might experience issues when their cookie size exceeds 8k or like in my case, some pages that set additional cookie value might push you over the limit.
In the first scenario once the user has cookies that are over the limit they wont be able to use the site any more while other users might access the same pages with no problem while their cookies are under the limit.
Why Microsoft Websites?
In some instances, when authentication is required by a site using Microsoft Live credentials, Bad Request error was showing up.Microsoft Sites and affiliated sites use common infrastructure for their credential store using Microsoft Passport, which lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication.
According to the official the Microsoft definition for Bad RequestKerberos authentication token for the user increases in size. The HTTP request that the user sends to the IIS server contains the Kerberos token in the WWW-Authenticate header, and the header size increases as the number of groups goes up. If the HTTP header or packet size increases past the limits configured in IIS, IIS may reject the request and send this error as the response.
So we are left with the remaining reason; generally no funds or time to do the right testing.
The default Microsoft IIS Web Server Header Limits is 64K, which is quite sufficient, but can break, if integrated systems testing is not part of the project plan
For Microsoft IIS HTTP Server, this limit is set by Header Limits <headerLimits> directive (default 64K). The Header Limits <headerLimits> directive allows the Web server administrator to reduce or increase the limit on the allowed size of an HTTP request header field. The element of the collection contains a collection of elements that specify the maximum size in bytes for HTTP headers.
Chrome Acceptance Header Size (not the problem)
Chrome can accept a header size of max 256Kb.
Actual limit seems to be 256KB for the whole HTTP header. Error message appears: "Error 325 (net::ERR_RESPONSE_HEADERS_TOO_BIG): Unknown error."
References
- ^ https://t.co/gWCNCg4an9 (t.co)
- ^ https://openedx.microsoft.com/courses/course-v1:Microsoft+AZURE202x+2017_T2/about (openedx.microsoft.com)
- ^ Open edX (open.edx.org)
- ^ https://openedx.microsoft.com/ (openedx.microsoft.com)
- ^ post (metadataconsulting.blogspot.ca)
- ^ https://openedx.microsoft.com/ (openedx.microsoft.com)
- ^ Nginx (www.nginx.com)
- ^ 60% of market share (www.netmarketshare.com)
- ^ header buffer size (nginx.org)
- ^ Bad Request (support.microsoft.com)