4

The request filtering module is configured to deny a request where the query string is too long.

I am getting the above error, and I have been trying almost everything, but no luck.

My Project is MVC4 on Visual Studio 2013

Things I have made sure are correct and tried:

  • There is no [Authorize] Attr on my classes with [AllowAnonymous] Attr.
  • I have added maxQueryStringLength="32768" maxUrlLength="65536" to in my config file
  • I have added -->
  • I have [AllowAnonymous] attr on my log on Actions in my controller.

  • I have no problem when I run the application in debug mode or without debug mode on Visual Studio.

  • Here is my route config:

    routes.MapRoute(
        name: "Default",
        url: "{controller}/{action}/{id}",
        defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
    );

  • this is the error I am getting on the web server

enter image description here

Frank

6 Answers

9

Insert/update the web.config file as in the sample below:

<configuration>
   <system.webServer>
       <security>
          <requestFiltering>
             <requestLimits maxQueryString="3000" maxUrl="1000" />
          </requestFiltering>
       </security>
   </system.webServer>
   <system.web>
       <httpRuntime maxQueryStringLength="32768" maxUrlLength="65536"/>
   </system.web>
</configuration>
Sedat Kumcu
5

As the error message tells you

The request filtering module is configured to deny a request where the query string is too long.

In the screenshot you can clearly see that the returnUrl parameter is huge.

So there are two solutions:

  1. Clear your returnUrl Parameter in your Controller Method [HttpPost] Login();

  2. Add the following to your web.config :

web.config

<system.webServer>
  <security>
    <requestFiltering>
      <requestLimits maxQueryString="*"/> <!-- Replace * with any number, which is required -->
    </requestFiltering>
  </security>
</system.webServer>

In your case, definitely go with Solution 1. It's simply a bug in your code and easily fixed without touching IIS or other config files.

See this post for more information about Request Query String Limit.

Community
  • Thank you for your reply. I have added the to Web.config but I am getting another error The length of the query string for this request exceeds the configured maxQueryStringLength value. – Frank Feb 21 '17 at 15:06
  • @Frank Why? Fixing the Code in your Controller, would be much simpler – Smartis has left SO again Feb 21 '17 at 15:08
  • How would you fix this on the controller ? thank you @Smartis – Frank Feb 22 '17 at 14:53
  • 1
    @Frank In your Controller must be a Method like this `[HttpPost] Login();` which should return a `Action` with the parameter `returnUrl`. Instead of adding every time something to this parameter, clear the value. This should only store the last `returnUrl` value and shouldn't blow up your requested URL. – Smartis has left SO again Mar 06 '17 at 09:02
  • I was able to fix this thank you for all of your help. – Frank Mar 30 '17 at 16:49
3

Just modify the web.config and add:

<configuration>
   <system.webServer>
      <security>
         <requestFiltering>
            <requestLimits maxQueryString="30000" maxUrl="10000" />
         </requestFiltering>
      </security>
   </system.webServer>
</configuration>

Also add under <system.web>:

<httpRuntime maxQueryStringLength="32768" maxUrlLength="65536"/>
Jamal Qudah
1

If you have already scaffolded the Identity login, just add [AllowAnonymous] to the login page (code-behind), like this:

[AllowAnonymous]
public class LoginModel : PageModel { ....... }

0

I had the same problem, I replaced GET method with POST and it worked.

Mehdi Souregi
0

Put [AllowAnonymous] in the Login Page (for a Razor project like mine) or the View's Controller (for MVC, I imagine).

Perhaps you scaffolded the Login Page, thereby making it subject - as soon as you hit Login button - to your fallback policy* in your Program.cs (now in .NET 6.0, Startup.cs for earlier .NET). Your fallback policy forbids any Page(view) without a policy, and since you have no policy in the login page, as soon as you hit the login it calls that view, and you get the error. I'm not sure that I understand why it isn't a nice error. Perhaps because it tries a hundred times to put that URL in and therefore it implies that in the 25252525225252522 etc and so forth message.

Luckily I was helped in pinpointing the error because my app worked fine logging in and out without the fallback policy, but it was exactly that fallback policy that caused the error.

  • By fallback policy, I refer to:

    builder.Services.AddAuthorization(options =>
    {
        options.FallbackPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
    });
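Added example (not code from any of the answers above): a small Python model of the loop the answers describe, where a login page that itself requires authentication is wrapped into ReturnUrl again on every redirect, which is where the huge returnUrl and the repeated "2525" come from. The route /Account/Login, the function names and the use of 2048 bytes (the IIS default for maxQueryString) are assumptions of this sketch; it models the encoding only and is not ASP.NET's own code.

```python
from urllib.parse import quote, urlsplit, parse_qs

MAX_QUERY_STRING = 2048        # IIS default for requestLimits maxQueryString (bytes)
LOGIN_PATH = "/Account/Login"  # assumed login route; adjust to your app


def redirect_to_login(requested_url):
    """One 'not authenticated' redirect: the whole requested path and query
    is percent-encoded into ReturnUrl, so every existing '%' becomes '%25'."""
    return f"{LOGIN_PATH}?ReturnUrl={quote(requested_url, safe='')}"


def rounds_until_rejected(start_url, limit=MAX_QUERY_STRING):
    """Follow the loop that occurs when the login page itself demands
    authentication; stop once the query string exceeds the limit."""
    url, rounds = start_url, 0
    while len(urlsplit(url).query) <= limit:
        url = redirect_to_login(url)
        rounds += 1
    return rounds, url


def unwrap_return_url(url):
    """Peel nested ReturnUrl layers; return (depth, innermost target).
    A depth above 1 in a logged URL is the signature of this loop, and the
    innermost target is the only value worth keeping."""
    depth = 0
    while True:
        values = parse_qs(urlsplit(url).query).get("ReturnUrl")
        if not values:
            return depth, url
        url, depth = values[0], depth + 1


if __name__ == "__main__":
    rounds, final_url = rounds_until_rejected("/")
    print(rounds, len(urlsplit(final_url).query), final_url[:80])
    print(unwrap_return_url(final_url))
```

Raising maxQueryString only moves the point at which this loop is cut off; a nesting depth above 1 in request logs points at the login action or page being covered by an authorization requirement.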