IIS Request Limits (Verify the requestFiltering/requestLimits@maxAllowedContentLength setting in the config file.)

by Rajesh 15. February 2012 13:11

Reference : http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering/requestLimits

Verify the configuration/system.webServer/security/requestFiltering/requestLimits@maxAllowedContentLength setting in the applicationhost.config or web.config file."

The <requestLimits> element specifies limits on HTTP requests that are processed by the Web server. These limits include the maximum size of a request, the maximum URL length, and the maximum length for a query string. In addition, the <requestLimits> element can contain a collection of user-defined HTTP header limits in the <headerLimits> element, which allows you to define custom settings on HTTP headers.

Note: When request filtering blocks an HTTP request because an HTTP request exceeds the request limits, IIS 7 will return an HTTP 404 error to the client and log one of the following HTTP statuses with a unique substatus that identifies the reason that the request was denied:

HTTP SubstatusDescription
404.13 Content Length Too Large
404.14 URL Too Long
404.15 Query String Too Long

These substatuses allow Web administrators to analyze their IIS logs and identify potential threats.

In addition, when an HTTP request exceeds the header limits that are defined in the in the<headerLimits> element, IIS 7 will return an HTTP 404 error to the client with the following substatus:

HTTP SubstatusDescription
404.10 Request Header Too Long

Tags: ,

Comments are closed

Asha Zurich Chapter


<<  January 2019  >>

View posts in large calendar