Why Am I Seeing Error Code 414 Request-URI Too Large?
Symptoms
After a protected website is connected to WAF, the website is inaccessible and the error message "414 Request-URI Too Large" is displayed, as shown in Figure 1.
Possible Causes
The client browser cannot parse JavaScript. In this situation, the client browser caches the page that contains the JavaScript code returned by WAF. Each time the protected website is requested, the cached page is accessed. WAF then verifies that the access request is from an invalid browser or crawler. The access request verification fails. As a result, an infinite loop occurs, the URI length exceeds the browser limit, and the website becomes inaccessible.
After JavaScript anti-crawler is enabled, WAF returns a piece of JavaScript code to the client when the client sends a request. If the client sends a normal request to the website, triggered by the received JavaScript code, the client will automatically send the request to WAF again. WAF then forwards the request to the origin server. This process is called JavaScript verification. Figure 2 shows how JavaScript verification works.
- If the client is a crawler, it cannot be triggered by the received JavaScript code and will not send a request to WAF again. The client fails JavaScript authentication.
- If a client crawler fabricates a WAF authentication request and sends the request to WAF, the WAF will block the request. The client fails JavaScript authentication.
Handling Suggestions
Disable the JavaScript anti-crawler protection by performing the following steps:
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner and choose Web Application Firewall under Security.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- Click the Anti-Crawler configuration area and toggle it on or off if needed.
- : enabled.
- : disabled.
- Click the JavaScript tab and disable the JavaScript anti-crawler protection. Its status changes to .
Figure 3 Disabling JavaScript anti-crawler protection
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.