Why Am I Seeing Error Code 414 Request-URI Too Large?
Symptoms
After a protected website is connected to WAF, the website is inaccessible and the error message "414 Request-URI Too Large" is displayed, as shown in Figure 1.
Possible Causes
The client browser cannot parse JavaScript. In this situation, the client browser caches the page that contains the JavaScript code returned by WAF. Each time the protected website is requested, the cached page is accessed. WAF then verifies that the access request is from an invalid browser or crawler. The access request verification fails. As a result, an infinite loop occurs, the URI length exceeds the browser limit, and the website becomes inaccessible.
After JavaScript anti-crawler is enabled, WAF returns a piece of JavaScript code to the client when the client sends a request. If the client sends a normal request to the website, triggered by the received JavaScript code, the client will automatically send the request to WAF again. WAF then forwards the request to the origin server. This process is called JavaScript verification. Figure 2 shows how JavaScript verification works.
- If the client is a crawler, it cannot be triggered by the received JavaScript code and will not send a request to WAF again. The client fails JavaScript authentication.
- If a client crawler fabricates a WAF authentication request and sends the request to WAF, the WAF will block the request. The client fails JavaScript authentication.
Handling Suggestions
Disable the JavaScript anti-crawler protection by performing the following steps:
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
in the upper left corner and choose Web Application Firewall under Security. - In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Anti-Crawler configuration area, click Configure Bot Mitigation.
Figure 3 Anti-Crawler configuration area
- Click the JavaScript tab and disable the JavaScript anti-crawler protection. Its status changes to
.
Figure 4 Disabling JavaScript anti-crawler protection
Service Interruption Check FAQs
- How Do I Troubleshoot 404/502/504 Errors?
- Why Is My Domain Name or IP Address Inaccessible?
- How Do I Handle False Alarms as WAF Blocks Normal Requests to My Website?
- Why Does WAF Block Normal Requests as Invalid Requests?
- Why Is the Handle False Alarm Button Grayed Out?
- How Do I Whitelist IP Address Ranges of Cloud WAF?
- What Is the Connection Timeout Duration of WAF? Can I Manually Set the Timeout Duration?
- How Do I Solve the Problem of Excessive Redirection Times?
- Why Are HTTPS Requests Denied on Some Mobile Phones?
- How Do I Fix an Incomplete Certificate Chain?
- Why Does My Certificate Not Match the Key?
- Why Am I Seeing Error Code 418?
- Why Am I Seeing Error Code 523?
- Why Does the Website Login Page Continuously Refreshed After a Domain Name Is Connected to WAF?
- Why Does the Requested Page Respond Slowly After the HTTP Forwarding Policy Is Configured?
- How Can I Upload Files After the Website Is Connected to WAF?
- Why Am I Seeing Error Code 414 Request-URI Too Large?
- What Do I Do If the Protocol Is Not Supported and the Client and Server Do Not Support Common SSL Protocol Versions or Cipher Suites?
- Why Cannot I Access the Dedicated Engine Page?
- Why Is the Bar Mitzvah Attack on SSL/TLS Detected?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more
