0

After searching for an appropriate way to handle large requests in ASP NET to avoid showing the default error message of maxRequestLength exceeded to the user, I read an HttpModule could work for this. I created the following HttpModule, but it still fails to get the request before ASP NET shows the error page. Maybe someone could point me in the right direction:

public class ApplicationLargeRequestsHttpModule : IHttpModule
{
    public void Dispose()
    {
        //throw new NotImplementedException();
    }

    public void Init(HttpApplication context)
    {
        context.BeginRequest += Application_LargeRequestsHandler;
    }

    private void Application_LargeRequestsHandler(object sender, EventArgs e)
    {
        var httpRuntimeSection = ConfigurationManager.GetSection("system.web/httpRuntime") as HttpRuntimeSection;

        int maxRequestLength = 0;

        if (httpRuntimeSection != null)
        {
            maxRequestLength = httpRuntimeSection.MaxRequestLength;
        }

        int maxRequestLengthSafeRange = 80;

        int maxSafeRequestLength = maxRequestLength - (maxRequestLength * (maxRequestLengthSafeRange / 100));

        bool safeRequestLengthExceeded = HttpContext.Current.Request.ContentLength > maxSafeRequestLength;

        Uri requestUrl = HttpContext.Current.Request.Url;

        string hostName = requestUrl.Authority.ToLower();

        if (safeRequestLengthExceeded)
        {
            HttpContext.Current.Response.Redirect(url: requestUrl.GetLeftPart(UriPartial.Authority) + "/Dashboard/CargaFallida");
            HttpContext.Current.Response.End();
        }
    }
}

EDIT

After a while, I refactored my code in order to detect the 404.13 status code response that is triggered on MaxRequestLengthExceeded, but right now the redirection is my problem. If I use HttpContext.Current.Response.Redirect I keep the problem, then after looking up the related question I changed it to HttpContext.Current.Server.Transfer, but it throws an "Error executing child request for path...". How could I handle this?

public class ApplicationLargeRequestsHttpModule : IHttpModule
    {
        public void Dispose()
        {
            //throw new NotImplementedException();
        }

        public void Init(HttpApplication context)
        {
            context.EndRequest += Application_LargeRequestsHandler;
        }

        /// <summary>
        /// Handler for 404.13 Responses handled by RequestFilteringModule. Protection
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void Application_LargeRequestsHandler(object sender, EventArgs e)
        {
            var responseStatusCode = HttpContext.Current.Response.StatusCode;

            var responseSubStatusCode = HttpContext.Current.Response.SubStatusCode;

            bool safeRequestLengthExceeded = responseStatusCode == (int)HttpStatusCode.NotFound 
                && responseSubStatusCode == 13;

            var httpRuntimeSection = ConfigurationManager.GetSection("system.web/httpRuntime") as HttpRuntimeSection;

            int maxRequestLength = 0;

            if (httpRuntimeSection != null)
            {
                maxRequestLength = httpRuntimeSection.MaxRequestLength;
            }


            var requestUrl = HttpContext.Current.Request.Url;      

            if (safeRequestLengthExceeded)
            {
                HttpContext.Current.Server.Transfer(path: requestUrl.LocalPath);
                //HttpContext.Current.Response.End();
            }
        }
    }
David Ortega
  • 915
  • 9
  • 25
  • 1
    What error do you get? Is it related to IIS allowed request size limit – Hemant Sakta Mar 01 '19 at 01:40
  • @HemantSakta yes I get an error that states that the request exceeded the MaxAllowedContentLength, what I wanted to do is to get the request before this Exception is triggered. – David Ortega Mar 01 '19 at 14:14
  • Please check this link https://stackoverflow.com/questions/567273/where-do-i-catch-and-handle-maxallowedcontentlength-exceeded-in-iis7, I am not sure but it is possible that IIS throws this error before hitting any module, in that case you cannot get hold of request in your code before exception is raised. – Hemant Sakta Mar 01 '19 at 18:34
  • @HemantSakta since on the error page details indicates that RequestFilteringModule is throwing this error, I browsed and found this https://learn.microsoft.com/en-us/iis/manage/configuring-security/configure-request-filtering-in-iis#request-filter-logging – David Ortega Mar 01 '19 at 19:45
  • @HemantSakta for the moment I will refactor my module to listen to 404.13 responses, although I'n not satisfied with this approach – David Ortega Mar 01 '19 at 19:46
  • Increase the `maxRequestLength` value? – mxmissile Mar 01 '19 at 21:41

0 Answers0