I had a problem the other day that I believe qualifies as a blog post. An elmah.io user reported that refreshing the organization overview would generate a 404. After debugging the problem, I found out that the URL generated by that page can be too long. This post is an explanation of the error and how to fix it.
The error
When looking at the error generated on localhost, I saw the following:
And in text:
HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long
When looking at the Requested URL field at the bottom of the screenshot, it is clear that the URL is long. IIS enforces some limitations in the number of characters accepted as part of the query string. As suggested by the error message, this can be fixed by modifying the maxQueryString settings in the web.config file. Let's quickly recap the structure of an URL:
| Protocol | Domain | Path | Query string | Fragment |
|---|---|---|---|---|
| https:// | app.elmah.io | /errorlog/search/ | ?logId=42 | #overviewTab |
The error above is on the query string part, but there are other limitations as well. For the Path part, IIS also limits the number of allowed characters. This setting is named maxUrl, which doesn't make a lot of sense (IMO) when looking at the breakdown above. Both maxQueryString and maxUrl have default values, as shown below:
| Protocol | Domain | Path | Query string | Fragment | |
|---|---|---|---|---|---|
| https:// | app.elmah.io | /errorlog/search/ | ?logId=42 | #overviewTab | |
| Max length | 4096 |
2048 |
The default values are quite decent and cover most scenarios. To support a very long query string (or path) as illustrated by this error, there's an easy fix.
The fix
As you probably already guessed, the fix is to change the maxQueryString setting (or maxUrl if the problem is in the path). To do so, modify the security element in the web.config file:
<configuration>
...
<system.webServer>
...
<security>
<requestFiltering>
<requestLimits maxQueryString="8192" />
</requestFiltering>
</security>
</system.webServer>
</configuration>
In this example I have quadrupled the allowed number of characters in the query string.
For older websites, you need to change the setting as part of the system.web element:
<configuration>
...
<system.web>
...
<httpRuntime ... maxQueryStringLength="8192" />
</system.web>
</configuration>
Notice that when using the
httpRuntimeelement to configure max length, different default values exist. Most modern websites don't need to worry about this, though.
Would your users appreciate fewer errors?
elmah.io is the easy error logging and uptime monitoring service for .NET. Take back control of your errors with support for all .NET web and logging frameworks.
➡️ Error Monitoring for .NET Web Applications ⬅️
This article first appeared on the elmah.io blog at https://blog.elmah.io/fix-max-url-and-query-string-length-with-web-config-and-iis/
Top comments (1)
Nice 😄, According to below post It is always good to have
URLlength under2000, why you are allowing8000?stackoverflow.com/questions/417142...