
URL too long results in Bad Request (Invalid URL)


JPElectron

Feb 24, 2008, 12:05:45 AM
I have a site based entirely in .asp - occasionally a link to a page
(URL + query string) will be generated that seems to be too long for
either the browser to display or the web server to serve...

For example, if the address bar has a URL with 375 characters, all you
get is: Bad Request (Invalid URL)

If it has 371 characters, I still get: Bad Request (Invalid URL)

If I cut off a few, so it's 370 characters or less, the page will
display fine. Note that I'm not changing anything else in the line,
I'm just cutting off a few characters (numbers in this case) from the
end.

The real question here, is when I set a custom 400 error, which I
assume is what's producing the: Bad Request (Invalid URL) error to
display - I can't get my custom error page to display, I still get
just: Bad Request (Invalid URL)

Any idea why my custom error isn't working?

Ken Schaefer

Feb 24, 2008, 5:22:26 AM
What version of IIS are you using? In IIS 6.0, 400 errors are usually
generated by http.sys, not by IIS.

Check httperr.log file to see if http.sys is generating the error. If so,
then I don't think there's anything you can do to customise that error
message.

Cheers
Ken


JPElectron

Feb 24, 2008, 7:31:34 PM
Yes, I'm using IIS 6 (Windows 2003) and you're right, these errors show
up in WINDOWS\system32\LogFiles\HTTPERR\httperr1.log

So what's the point/difference in defining a custom 400 error in IIS?

Is there any way to show a different page/message when this happens?

Ken Schaefer

Feb 25, 2008, 4:11:44 AM
"JPElectron" <jp.m...@gmail.com> wrote in message
news:42e681a3-7511-4de5...@c33g2000hsd.googlegroups.com...

> Yes, I'm using IIS 6 (Windows 2003) and you're right, these errors show
> up in WINDOWS\system32\LogFiles\HTTPERR\httperr1.log
>
> So what's the point/difference in defining a custom 400 error in IIS?

I suppose for 400 errors that are generated elsewhere. You can certainly
write your own app that generates "Bad Request" status for whatever reason
you feel like (even if the request technically doesn't contravene the HTTP
specification).

> Is there any way to show a different page/message when this happens?

Not that I'm aware of - well, not within IIS (since http.sys is lower down
in the stack). I don't know much about interfacing with the http.sys API,
but that would probably be the place you'd need to do this work.

Oddly enough, I didn't think that the HTTP spec defined a length for URIs,
and 400 characters seems like a low limit (unless there's also a
corresponding limit in file path lengths in Windows - maybe in FAT32 -
since that would be the lowest common denominator file system).

Cheers
Ken

Bernard Cheah [MVP]

Feb 25, 2008, 10:07:30 PM
Anything that is a kernel mode response, you can customize the error page,
just like 503.

Also, a 400 Bad Request for an invalid URL should not be related to the URL
being too long; if you got that, it should be url_length in the reason phrase.

What's so special about your request URL?

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/



JPElectron

Feb 26, 2008, 1:33:27 AM

Bernard Cheah [MVP]

Feb 26, 2008, 2:06:41 AM
Correction on previous post - I mean "you can't customize"... as it is
kernel mode.
Hmm... your sample URL triggers nothing in my mind. Just a 5 char diff :)

Can you post the complete line from the httperr.log file?
It didn't reach the IIS log, right?


Daniel Crichton

Feb 26, 2008, 8:13:47 AM
JPElectron wrote on Mon, 25 Feb 2008 22:33:27 -0800 (PST):

> Based on some DNS trickery I am able to resolve the domains of some
> sites (let's just say unwanted sites) to my own IIS server instead (this
> based on corporate policy)

> Here are the sample URLs, although I've changed the domain-names to
> protect the guilty...

Have you got URLScan installed and enabled? It has options for setting
allowable lengths on URLs. Also there are registry settings for HTTP.sys,
but I've checked my own server and they're not present by default:

The HTTP.SYS component used by IIS 6.0 allows size limits to be set on
various parts of the request. The values can be changed by modifying
AllowRestrictedChars, MaxFieldLength, UrlSegmentMaxLength, and
UrlSegmentMaxCount in the registry under the following registry keys:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\AllowRestrictedChars
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxLength
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxCount


(above from http://www.microsoft.com/technet/security/tools/urlscan.mspx)

--
Dan
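
Added example (not part of the thread or of any poster's code): a Python sketch that reads HTTPERR log lines like the ones discussed above, counts http.sys 400 responses by reason phrase, and flags request URIs whose longest path segment exceeds 260 characters, the documented default for UrlSegmentMaxLength. The sample log lines, their reason values and all function names are constructed for illustration; the script assumes the standard `#Fields:` header and no registry override of the default.

```python
from collections import Counter

# Documented http.sys default for UrlSegmentMaxLength (characters between two slashes).
# Assumption: the server has no override under HTTP\Parameters.
URL_SEGMENT_MAX_LENGTH = 260

def parse_httperr(lines):
    """Yield one dict per entry, using the '#Fields:' header for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def longest_segment(uri):
    """Length of the longest path segment, ignoring the query string."""
    path = uri.split("?", 1)[0]
    return max((len(seg) for seg in path.split("/")), default=0)

def summarize_400s(lines, limit=URL_SEGMENT_MAX_LENGTH):
    """Count 400 responses by s-reason and list URIs whose segment exceeds the limit."""
    reasons, oversized = Counter(), []
    for entry in parse_httperr(lines):
        if entry.get("sc-status") != "400":
            continue
        reasons[entry.get("s-reason", "-")] += 1
        seg = longest_segment(entry.get("cs-uri", ""))
        if seg > limit:
            oversized.append((entry["c-ip"], seg, len(entry["cs-uri"])))
    return reasons, oversized

# Constructed sample log (not taken from the thread); reason values are illustrative.
SAMPLE = [
    "#Date: 2008-02-24 05:05:45",
    "#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename",
    "2008-02-24 05:05:45 192.0.2.10 1187 192.0.2.1 80 HTTP/1.1 GET /ads/" + "9" * 300 + "?id=1 400 - URL -",
    "2008-02-24 05:06:02 192.0.2.10 1188 192.0.2.1 80 HTTP/1.1 GET /" + "a/" * 20 + "x.asp 400 - BadRequest -",
    "2008-02-24 05:07:11 192.0.2.11 1201 192.0.2.1 80 - - - - - Timer_ConnectionIdle -",
]

if __name__ == "__main__":
    reasons, oversized = summarize_400s(SAMPLE)
    print(dict(reasons))
    for ip, seg, total in oversized:
        print(f"{ip}: longest segment {seg} chars, URI {total} chars")
```

If UrlSegmentMaxLength has been set in the registry, pass that value as `limit` so the flagged entries match the server's actual configuration.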

