웹 브라우저 별 query parameter(url querystring) 최대 길이 제한

웹 브라우저마다 서로 다른 query parameter limit 정책을 가지고 있습니다. query parameter를 다룰 때는 지원하는 웹 브라우저의 이러한 최대 길이 제한에 대해서 숙지하고 작업을 하는 것이 안전합니다.

• Microsoft Internet Explorer (Browser)
  Microsoft states that the maximum length of a URL in Internet Explorer is 2,083 characters, with no more than 2,048 characters in the path portion of the URL. Attempts to use URLs longer than this produced a clear error message in Internet Explorer.

• Microsoft Edge (Browser)
  The limit appears to be around 81578 characters. See URL Length limitation of Microsoft Edge

• Chrome
  It stops displaying the URL after 64k characters, but can serve more than 100k characters. No further testing was done beyond that.

• Firefox (Browser)
  After 65,536 characters, the location bar no longer displays the URL in Windows Firefox 1.5.x. However, longer URLs will work. No further testing was done after 100,000 characters.

• Safari (Browser)
  At least 80,000 characters will work. Testing was not tried beyond that.

• Opera (Browser)
  At least 190,000 characters will work. Stopped testing after 190,000 characters. Opera 9 for Windows continued to display a fully editable, copyable and pasteable URL in the location bar even at 190,000 characters.

• Apache (Server)
  Early attempts to measure the maximum URL length in web browsers bumped into a server URL length limit of approximately 4,000 characters, after which Apache produces a "413 Entity Too Large" error. The current up to date Apache build found in Red Hat Enterprise Linux 4 was used. The official Apache documentation only mentions an 8,192-byte limit on an individual field in a request.

• Microsoft Internet Information Server (Server)
  The default limit is 16,384 characters (yes, Microsoft's web server accepts longer URLs than Microsoft's web browser). This is configurable.

• Perl HTTP::Daemon (Server)
  Up to 8,000 bytes will work. Those constructing web application servers with Perl's HTTP::Daemon module will encounter a 16,384 byte limit on the combined size of all HTTP request headers. This does not include POST-method form data, file uploads, etc., but it does include the URL. In practice this resulted in a 413 error when a URL was significantly longer than 8,000 characters. This limitation can be easily removed. Look for all occurrences of 16x1024 in Daemon.pm and replace them with a larger value. Of course, this does increase your exposure to denial of service attacks.

출처: https://codezip.tistory.com/741 [CODEZIP.NET]