IIS Request Limits (Verify the requestFiltering/requestLimits@maxAllowedContentLength setting in the config file.)

by Rajesh 15. February 2012 13:11

Reference : http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering/requestLimits

Verify the configuration/system.webServer/security/requestFiltering/requestLimits@maxAllowedContentLength setting in the applicationhost.config or web.config file."

The <requestLimits> element specifies limits on HTTP requests that are processed by the Web server. These limits include the maximum size of a request, the maximum URL length, and the maximum length for a query string. In addition, the <requestLimits> element can contain a collection of user-defined HTTP header limits in the <headerLimits> element, which allows you to define custom settings on HTTP headers.

Note: When request filtering blocks an HTTP request because an HTTP request exceeds the request limits, IIS 7 will return an HTTP 404 error to the client and log one of the following HTTP statuses with a unique substatus that identifies the reason that the request was denied:

HTTP SubstatusDescription
404.13 Content Length Too Large
404.14 URL Too Long
404.15 Query String Too Long

These substatuses allow Web administrators to analyze their IIS logs and identify potential threats.

In addition, when an HTTP request exceeds the header limits that are defined in the in the<headerLimits> element, IIS 7 will return an HTTP 404 error to the client with the following substatus:

HTTP SubstatusDescription
404.10 Request Header Too Long

Tags: ,

Comments are closed

Asha Zurich Chapter

Calendar

<<  October 2018  >>
MoTuWeThFrSaSu
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234

View posts in large calendar