I had a problem the other day that I believe qualifies as a blog post. An elmah.io user reported that refreshing the organization overview would generate a 404. After debugging the problem, I found out that the URL generated by that page can be too long. This post is an explanation of the error and how to fix it.
The error
When looking at the error generated on localhost, I saw the following:
And in text:
HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long
When looking at the Requested URL field at the bottom of the screenshot, it is clear that the URL is long. IIS enforces some limitations in the number of characters accepted as part of the query string. As suggested by the error message, this can be fixed by modifying the maxQueryString
settings in the web.config
file. Let's quickly recap the structure of an URL:
Protocol | Domain | Path | Query string | Fragment |
---|---|---|---|---|
https:// | app.elmah.io | /errorlog/search/ | ?logId=42 | #overviewTab |
The error above is on the query string part, but there are other limitations as well. For the Path part, IIS also limits the number of allowed characters. This setting is named maxUrl
, which doesn't make a lot of sense (IMO) when looking at the breakdown above. Both maxQueryString
and maxUrl
have default values, as shown below:
Protocol | Domain | Path | Query string | Fragment | |
---|---|---|---|---|---|
https:// | app.elmah.io | /errorlog/search/ | ?logId=42 | #overviewTab | |
Max length | 4096 | 2048 |
The default values are quite decent and cover most scenarios. To support a very long query string (or path) as illustrated by this error, there's an easy fix.
The fix
As you probably already guessed, the fix is to change the maxQueryString
setting (or maxUrl
if the problem is in the path). To do so, modify the security
element in the web.config
file:
<configuration>
...
<system.webServer>
...
<security>
<requestFiltering>
<requestLimits maxQueryString="8192" />
</requestFiltering>
</security>
</system.webServer>
</configuration>
In this example I have quadrupled the allowed number of characters in the query string.
For older websites, you need to change the setting as part of the system.web
element:
<configuration>
...
<system.web>
...
<httpRuntime ... maxQueryStringLength="8192" />
</system.web>
</configuration>
Notice that when using the httpRuntime
element to configure max length, different default values exist. Most modern websites don't need to worry about this, though.