Search code examples
iisiis-10

IIS page URL rewrite gives a HTTP Error 400 with parameter string longer than 260 characters long

My environment is as follows:

IIS version is 10.0.17763.1 Running on Windows Server 2019 datacenter

On remote server I have a rest server (as a windows service) running on port 8041 which accepts calls with http. I have created a IIS website that runs on port 9010 that re-writes the calls via a https domain that redirects to the service running on 8041 port and vise versa. I can access both services separately and they both work fine under following scenarios:

Service running on 8041 port:

http://:8041/rest/AccountModule/GetUserSettings/<parameter string that is longer than 260 characters>

http://:8041/rest/AccountModule/GetUserSettings/<parameter string that is less than 260 characters https://:9010/rest/AccountModule/GetUserSettings/<parameter string that is less than 260 characters long>

website running on port 9010:

https://:9010/rest/AccountModule/GetUserSettings/<parameter string that is less than 260 characters long>

however following scenario does not work:

**https://:9010/rest/AccountModule/GetUserSettings/<parameter string that is longer than 260 characters https://:9010/rest/AccountModule/GetUserSettings/<parameter string that is less than 260 characters long>

**

the call gives the following error:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>```

I have tried many things such as configuration editor changes in IIS increase the limits maxRequestLength, maxUrlLength and maxQueryStringLength and adding new DWORD values to the registry files (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters). They are as follows and none of them seems to work. 

[IIS-Configuration-Editor-Changes][1]
[Registry_Changes_Http][2]


my web config file content is as follows:


    <?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8041/{R:1}" logRewrittenUrl="true" />
                </rule>
            </rules>
        </rewrite>
    <security>
      <requestFiltering allowDoubleEscaping="true">
        <requestLimits maxAllowedContentLength="50000000" maxUrl="6000000" maxQueryString="6000000">
                    <headerLimits>
                    </headerLimits>
                </requestLimits>
      </requestFiltering>
    </security>
    </system.webServer>
    <appSettings>
        <add key="httpRuntime" value="maxUrlLength" />
    </appSettings>
    <system.web>
        <httpRuntime maxRequestLength="50000" useFullyQualifiedRedirectUrl="true" maxUrlLength="50000" maxQueryStringLength="50000" />
    </system.web>
</configuration>

Help on fixing this long URL parameters (longer than 260 characters) is much appreciated.

Thanks
Dan


  [1]: https://i.sstatic.net/q82p6.png
  [2]: https://i.sstatic.net/xIoRq.png
Solution

  • After these configuration changes are completed, you need to restart the http service to take effect:

    1. Run the command prompt in search bar
    2. At the command prompt, type net stop http, then press Enter.
    3. At the command prompt, type net start http, then press Enter.

    I noticed that the values of some of your parameters are not set to the maximum, you can try the following configuration parameters:

    1. Modify the httpRuntime node to add maxQueryStringLength, maxRequestLength configuration:

      <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" maxQueryStringLength="2097151" maxUrlLength="2097151" maxRequestLength="2097151" relaxedUrlToFileSystemMapping="true" executionTimeout="36000" delayNotificationTimeout="36000" />

    2. Modify the system.webServer node:

      <security>
  <requestFiltering allowDoubleEscaping="true" allowHighBitCharacters="true"  >
    <requestLimits maxAllowedContentLength="2097151" maxQueryString="2097151" maxUrl="2097151" />
  </requestFiltering>
</security>

    According to the link from Microsoft, you can modify the following two values in the registry:

    enter image description here

    The setting of UrlSegmentMaxCount is the same as above, the value is also Dword 2048.