MISP
Bug: Search Attribute- Request URI Too Long Errorin MISP Version 2.5.12
Actual behavior
When performing a search for attributes in MISP with 250 IOCs, the server returns a 414 Request-URI Too Long error. This likely stems from the use of long GET requests instead of POST. Result is not sorted to latest date and unable to export search result in csv formate
- MISP version: 2.5.12
Expected behavior
The search should be processed using a POST request or the query should be shortened/optimized to avoid exceeding the URI length limit. And unable to export searched data in csv format.
Steps to reproduce
Steps to Reproduce
- Go to Attributes Search
- Enter a 250 of values or long strings in the search fields
- Click "Search"
- Observe the
414 Request-URI Too Longerror in browser or logs
Version
2.5.12
Operating System
Ubuntu
Operating System version
22.04
PHP version
8.1
Browser
Firefox
Browser version
136.0
Relevant log output
Extra attachments
No response
Code of Conduct
- [x] I agree to follow this project's Code of Conduct
Thanks for posting this. We saw this in early April when we moved to 2.4.207. @iglocska is aware.
With 2.4.213 Search Attributes is still working well with this fix; however, now the Export feature at the bottom of the result page suffers from the same HTTP 414.
@iglocska With 2.5.16, as above, the Search Attributes textbox with large set of indicators works; however, the Export for the results fails with HTTP 414.
The issue is the constructed GET with the Download submit includes all the search strings in the URL, e.g. here's just 2 search strings as seen in Apache access log:
... [30/Jul/2025:16:30:28 +0000] "GET /attributes/restSearch/returnFormat:json/value[]:1.1.1.1/value[]:1.1.1.2/ HTTP/1.1" 200 787414 "https://MISP/attributes/index" "Mozilla/5.0..."
That works fine. The issue arises when an investigating analyst pastes in a long list of strings, e.g. 200 IPs. The resulting GET triggers HTTP 414 as the URL including all the requested strings is too long.