'HTTP status 400 Bad Request' error when a user connects to VisualSVN Server

Symptoms

When trying to connect to VisualSVN Server using Subversion client, a user may receive the following error message:

svn: E175002: Unable to connect to a repository at URL 'https://svn.example.com/svn/repo'
svn: E175002: Unexpected HTTP status 400 'Bad Request' on '/svn/repo'

The error on the client is accompanied by the following Error Level event in the VisualSVN Server event log:

request failed: error reading the headers
Note
This article relates to the particular issue that can occur only when VisualSVN Server is configured to use Integrated Windows Authentication.

Technical background

The above errors indicate that HTTP request header received by VisualSVN Server exceeds the header size limit. By default, request header size limit is set to 16384 bytes in VisualSVN Server.

Kerberos authentication method is always selected when a user authenticates to VisualSVN Server using Negotiate (SPNEGO) protocol and the connecting client supports Kerberos. In such case, the client sends special Kerberos access token as an HTTP request header. The error occurs when HTTP request header containing the access token becomes too large and exceeds the limit.

Kerberos token can become too large when Active Directory accounts migration is in process and has not been fully completed yet. Kerberos token includes SID history to retain access control and security settings in the process of migration. Therefore, Kerberos token can exceed HTTP header size limit if SID history is large. For more information about SID history, read the Microsoft TechNet article "Using SID History to Preserve Resource Access".

Resolution

If the problem occurs in the middle of Active Directory accounts migration or the migration has not been properly completed, it is necessary to complete the migration and clear the SID history. You can find articles describing the problem and its resolution on TechNet Blogs:

Workaround

In order to workaround the issue, it is possible to increase the HTTP request header limit set in VisualSVN Server.

Warning
Increasing the HTTP request header size limit might affect performance of VisualSVN Server and make it vulnerable to DoS attacks. Therefore, this workaround is intended only for temporary mitigation!

Follow these steps to increase the HTTP request header limit:

  1. Start Notepad as administrator and open the file:
    %VISUALSVN_SERVER%conf\httpd-custom.conf.
  2. Enter the following line and save the file: 
    LimitRequestFieldSize 32760
  3. Restart VisualSVN Server.
Last Modified: