166

I am building a site in which i would like to create a file client side from the value of a textarea element.

I have the code in place to do this, but i am getting this error

HTTP Error 404.15 - Not Found The request filtering module is configured to deny a request where the query string is too long.

Is there a way to override this so that I am able to process requests of any size?

If not, is there a way to generate files client side without using the filesystem/active x object?

thanks

djv
  • 15,168
  • 7
  • 48
  • 72
some_bloody_fool
  • 4,605
  • 14
  • 37
  • 46
  • 9
    What you want to consider is that even though the query string length may be configurable for IIS or your application, there is an HTTP standard for URL length. Since you're using a query string you're passing values as part of the URL. The max URL character length is 2000 characters. If your values are going to be lengthy strings, it would be best to POST the values rather than passing them in the query string. – Jeff LaFay Jul 24 '12 at 17:48
  • 2
    Agree with Jlafay. It is a best Practice to POST the values when you have more than 2-3 simple parameters. and when you use query string be sure to encrypt them. – Jack May 24 '13 at 07:14

10 Answers10

298

Add the following to your web.config:

<system.webServer>
  <security>
    <requestFiltering>
      <requestLimits maxQueryString="32768"/>
    </requestFiltering>
  </security>
</system.webServer>

See:

http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering/requestLimits

Updated to reflect comments.

requestLimits Element for requestFiltering [IIS Settings Schema]

You may have to add the following in your web.config as well

<system.web>
    <httpRuntime maxQueryStringLength="32768" maxUrlLength="65536"/>
</system.web>

See: httpRuntime Element (ASP.NET Settings Schema)

Of course the numbers (32768 and 65536) in the config settings above are just examples. You don't have to use those exact values.

Matt Varblow
  • 7,651
  • 3
  • 34
  • 44
  • 26
    That alone was not enough for me. I had to also add this to the system.web section: – Rob Sedgwick Jul 23 '13 at 10:58
  • 2
    nnn is the maximum string length that you'd like to allow, e.g. 32768 – Matt Varblow Mar 20 '15 at 17:37
  • not working see this http://stackoverflow.com/questions/31624710/mvc-website-bad-request-invalid-url-http-error-400-the-request-url-is-inval – Jitendra Pancholi Jul 25 '15 at 10:00
  • 1
    I tried each one individually, setting the security node under system.webServer and then removing and just adding the attributes to the httpRuntime node. I definitely needed both to work. Many thanks! – David Gunderson Sep 23 '15 at 18:26
  • An update for those of us using ASP.Net Core 1.1 (which doesn't even have a Web.config anymore) would be highly appreciated! :D – Scott Fraley May 12 '17 at 17:28
  • 2
    Note: the **** tag goes under ****:            – LePatay Jun 04 '18 at 09:26
  • I'm using IIS 8.5 and this was not working for me. From other answer and comments here I think this is a fix for IIS 7 only. If that is the case maybe the answer should be updated to reflect that in bold? – Arvo Bowen Oct 08 '18 at 16:55
  • If you are looking for a solution to IIS 8.5 see my answer which also uses the gui and has images. – Arvo Bowen Oct 08 '18 at 17:20
36

In my case ( Visual Studio 2012 / IIS Express / ASP.NET MVC 4 app / .Net Framework 4.5 ) what really worked after 30 minutes of trial and error was setting the maxQueryStringLength property in the <httpRuntime> tag:

<httpRuntime targetFramework="4.5" maxQueryStringLength="10240" enable="true" />

maxQueryStringLength defaults to 2048.

More about it here:

Expanding the Range of Allowable URLs

I tried setting it in <system.webServer> as @MattVarblow suggests, but it didn't work... and this is because I'm using IIS Express (based on IIS 8) on my dev machine with Windows 8.

When I deployed my app to the production environment (Windows Server 2008 R2 with IIS 7), IE 10 started returning 404 errors in AJAX requests with long query strings. Then I thought that the problem was related to the query string and tried @MattVarblow's answer. It just worked on IIS 7. :)

Community
  • 1
  • 1
Leniel Maccaferri
  • 100,159
  • 46
  • 371
  • 480
15

If you run into this issue when running an IIS 8.5 web server you can use the following method.

First, find the "Request Filtering" module in the IIS site you are working on, then double click it...

enter image description here

Next, you need to right click in the white area shown below then click the context menu option called "Edit Feature Settings".

enter image description here

Then the last thing to do is change the "Maximum query string (Bytes)" value from 2048 to something more appropriate such as 5000 for your needs.

enter image description here

Arvo Bowen
  • 4,524
  • 6
  • 51
  • 109
6

Something else to check: if your site is using MVC, this can happen if you added [Authorize] to your login controller class. It can't access the login method because it's not authorized so it redirects to the login method --> boom.

SteveCav
  • 6,649
  • 1
  • 50
  • 52
  • Thanks! I experienced this problem because I moved the Menu/Navigation to a partial view and another Controller which didn't allow anonymous connections. – Westerlund.io Aug 21 '16 at 01:19
  • Another case where the error message, although true, bears no relation to the actual problem. – Steve Smith Feb 21 '18 at 12:46
  • 1
    Also check out the project properties as it could be that the Windows Authentication is “Enabled” and the Anonymous Authentication is Disabled”. Pls check out this detailed article - [Error (Visual Studio 2013, MVC5): The request filtering module is configured to deny a request where the query string is too long](https://www.codeproject.com/Tips/805682/Error-The-request-filtering-module-query-string-is) – fujiFX Sep 13 '18 at 05:51
1

It will also generate error when you pass large string in ajax call parameter.

so for that alway use type post in ajax will resolve your issue 100% and no need to set the length in web.config.

// var UserId= array of 1000 userids

$.ajax({
        global: false,
        url: SitePath + "/User/getAussizzMembersData",
        "data": { UserIds: UserId},
        "type": "POST",
        "dataType": "JSON"
}}
Irvin Dominin
  • 30,819
  • 9
  • 77
  • 111
Rinku Choudhary
  • 1,529
  • 1
  • 13
  • 22
0

I had a similar issue trying to deploy an ASP Web Application to IIS 8. To fix it I did as Matt and Leniel suggested above. But also had to configure the Authentication setting of my site to enable Anonymous Authentication. And that Worked for me.

Ronald Nsabiyera
  • 354
  • 2
  • 10
0

I had to add [AllowAnonymous] to the ActionResult functions in my login page because the user was not authenticated yet.

Andrew Gale
  • 101
  • 1
  • 4
0

If your website is using authentication, but you don't have the correct authentication method set up in IIS (e.g. Basic, Forms etc..) then the browser will be getting stuck in a redirect loop. This causes the redirect url to get longer and longer until it explodes.

Steve Smith
  • 2,244
  • 2
  • 18
  • 22
0

For someone who experiences this while running the apps from Visual Studio, while using IIS Express, first you have to locate the applicationhost.config file being used by the application. See the answer at https://stackoverflow.com/a/41553876/1849880 on how to locate the applicationhost.config file. Then, you can change the maxQueryString value as explained above.

yibe
  • 338
  • 3
  • 7
-1

HTTP Error 404.15 - Not Found The request filtering module is configured to deny a request where the query string is too long.

To resolve this problem, check in the source code whether the Form tag has a property method is get/set state.

If so, the method property should be removed.

djv
  • 15,168
  • 7
  • 48
  • 72
user3635095
  • 9
  • 1