Re: ASP.NET 2.0 maximum URL length?

I still need an answer to the question:
which setting is limiting URL length to 260 right now, with no URLScan
explicitly installed on my IIS7/Vista system?

Also, if it's IIS setting, why is it applied only to AXD and ASPX URLs, but
not to HTML? I would appreciate the explanation of the difference.

Regarding obfuscated URLs, the application acts as an intermediary and has
to pass through URLs as long as target system demands - the URL length
requirement is not up to this system's spec.

--
Vlad Hrybok
http://UltiDev.com


"Juan T. Llibre" wrote:

re:
!> According to the article you linked to MaxUrl value of 260 is limited by
!> URLScan - an add-on tool I have not installed.

Install URLScan, then.
It's a recommended install for IIS 4.0 and 5.0, anyway.

Download URLScan 2.5 from :
http://www.microsoft.com/downloads/details.aspx?familyid=23d18937-dd7e-4613-9928-7f94ef1c902a&displaylang=en

MaxUrl specifies the maximum length of the request URL, not including the query string.

If you include the query string, that limit is 2,083 or 2,048 characters, if you're using IE.

The max length including the request Url *and*
the query string, is a browser feature, not a server feature.

re:
!> which leads me to the conclusion it is ASP.NET, and not IIS
!> setting that affects the behavior

It's not an ASP.NET setting. It's an IIS setting.

Btw, many users are wary of gobbledygook URLs like the one you're attempting to implement.

Do you *absolutely* need purposely obfuscated, very long, URLs ?
Hackers make use of long URLs to induce buffer overruns in unpatched clients.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Vlad Hrybok" <vgribok@xxxxxxxxxxxxxxxxx> wrote in message
news:1C87C834-EE12-43D4-9212-93972E97AD1F@xxxxxxxxxxxxxxxx
Juan,

According to the article you linked to MaxUrl value of 260 is limited by
URLScan - an add-on tool I have not installed. Besides, I can make the URL
longer than 260 and not get HTTP 400 as long as I make URL end with .HTML,
not ASPX/AXD, which leads me to the conclusion it is ASP.NET, and not IIS
setting that affects the behavior. Are there ASP.NET settings limiting the
length of the URL?

--
Vlad Hrybok
http://UltiDev.com


"Juan T. Llibre" wrote:

re:
!> I am getting HTTP 400 "Bad Request" for the following URL:

Hi, Vlad.

What you're running into is the default 260 character URL limit.

/HTTPVPNWebPortal/62ccc22e-069b-441e-b9f0-83b45e7f4f1e/UdVpnSGFuZGxlcnMvQ292ZXJBcnQuYXNoe
D9DJTNhJTVjRG9jdW1lbnRzK2FuZCtTZXR0aW5ncyU1Y011c2hyb29tJTVjTXkrRG9jdW1lbnRzJTVjTXkrTXV
zaWMlNWNGcmVuY2glNWNBbWVpbGUlNWNZYW5uK1RpZXJzZW4rLStMYStOb3llZS5tcDM=/SecureTunnel.axd

....is exactly 261 characters long.

The way to change that limit depends on which version of IIS you use.

See the section titled "IIS HTTP GET and POST Limits" in this IIS Insider article:
http://www.microsoft.com/technet/community/columns/insider/iisi1205.mspx
....for instructions on how to change that limit in IIS 4.0, 5.0 and 6.0.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/





.

Quantcast