5

What is the maximum URL length you can pass to the Wininet function, HttpOpenRequest?

Jason
  • 16,739
  • 23
  • 87
  • 137

3 Answers3

6

There are some max length consts in WinInet.h:

...
//
// maximum field lengths (arbitrary)
//

#define INTERNET_MAX_HOST_NAME_LENGTH   256
#define INTERNET_MAX_USER_NAME_LENGTH   128
#define INTERNET_MAX_PASSWORD_LENGTH    128
#define INTERNET_MAX_PORT_NUMBER_LENGTH 5           // INTERNET_PORT is unsigned short
#define INTERNET_MAX_PORT_NUMBER_VALUE  65535       // maximum unsigned short value
#define INTERNET_MAX_PATH_LENGTH        2048
#define INTERNET_MAX_SCHEME_LENGTH      32          // longest protocol name length
#define INTERNET_MAX_URL_LENGTH         (INTERNET_MAX_SCHEME_LENGTH \
                                        + sizeof("://") \
                                        + INTERNET_MAX_PATH_LENGTH)
...
Eugene
  • 3,335
  • 3
  • 36
  • 44
2

I would suggest less than 2000 characters., but this KB article suggests Internet Explorer has a limit of 2083, which may well apply to your case too.

Community
  • 1
  • 1
Paul Dixon
  • 295,876
  • 54
  • 310
  • 348
2

HttpOpenRequest does not have a maximum length but server software you are targeting will likely have a limit on your URL length.

Apache (Server)

My early attempts to measure the maximum URL length in web browsers bumped into a server URL length limit of approximately 4,000 characters, after which Apache produces a "413 Entity Too Large" error. I used the current up to date Apache build found in Red Hat Enterprise Linux 4. The official Apache documentation only mentions an 8,192-byte limit on an individual field in a request.

Microsoft Internet Information Server (Server)

The default limit is 16,384 characters (yes, Microsoft's web server accepts longer URLs than Microsoft's web browser). This is configurable.

Perl HTTP::Daemon (Server)

Up to 8,000 bytes will work. Those constructing web application servers with Perl's HTTP::Daemon module will encounter a 16,384 byte limit on the combined size of all HTTP request headers. This does not include POST-method form data, file uploads, etc., but it does include the URL. In practice this resulted in a 413 error when a URL was significantly longer than 8,000 characters. This limitation can be easily removed. Look for all occurrences of 16x1024 in Daemon.pm and replace them with a larger value. Of course, this does increase your exposure to denial of service attacks.

(from Boutell.com)

Robert Cartaino
  • 27,494
  • 6
  • 45
  • 67
  • Do you know if these limits include name value pairs (e.g. url?data=x..) or just the url itself? – David Sykes Sep 08 '10 at 09:34
  • @David Sykes: I *believe* the limits are based the size of the buffer used to store the characters so I would assume that includes name-value pairs. But I'm just speculating. – Robert Cartaino Sep 08 '10 at 14:21
  • 1
    *"HttpOpenRequest does not have a maximum length"* - [This answer](https://stackoverflow.com/a/1293129/1889329) disagress with that statement. – IInspectable Mar 07 '18 at 08:41