Share via

How to edit the request filtering feature settings and request limits for Azure applications?

  • Article

Based on the kind of application you are developing, at times you may need to change the default parameters of IIS 7.0 on the VM to restrict or allow requests of certain lengths. Using the below explained approach you will be able to configure various other parameters on IIS to secure your application running on Azure.  

Default values in IIS 7.0

> Maximum allowed content length (Bytes): 30000000

> Maximum URL lenght (Bytes): 4096

> Maximum query string (Bytes): 2048

The above values can be
modified using one of the below techniques for an Azure application:  

  • Using a Startup task
  • Using webrole Onstart method
  • Using Web.config

 

Using a Startup Task:

====================================================================================================================

Create a batch file : ConfigureReqFiltering.cmd

Set copy to output directory = copy always for this file. (Right click -> Properties)

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/requestFiltering/requestLimits.maxQueryString:"204800" /commit:apphost

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/requestFiltering/requestLimits.maxAllowedContentLength:"204800" /commit:apphost

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/requestFiltering/requestLimits.maxUrl:"204800" /commit:apphost

 exit / b 0

====================================================================================================================

Using WebRole Onstart method:
====================================================================================================================

Add Microsoft.Web.Administration DLL to the project reference. (Path of Microsoft.Web.Administration DLL: C:\Windows\System32\inetsrv).     

Set Copy local property of the above DLL to true. (Right click on the DLL -> properties -> copy local = true)

Copy and paste the below code snippet.

public override bool OnStart()

{

        public override bool OnStart()

        {

            ServerManager iisManager = new ServerManager();

            Application app = iisManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_Web"].Applications[0];

            Configuration config = iisManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_Web"].GetWebConfiguration();

            ConfigurationSection requestFilteringSection = config.GetSection("system.webServer/security/requestFiltering");

            ConfigurationElement requestLimitsElement = requestFilteringSection.GetChildElement("requestLimits");

            //Set the required attribute for Query String

            requestLimitsElement.SetAttributeValue("maxQueryString", 204800);

            //Set the required attribute for Content lenght

            requestLimitsElement.SetAttributeValue("maxAllowedContentLength", 204800);

            //Set the required attribute for Max URL

            requestLimitsElement.SetAttributeValue("maxUrl", 204800);

            //Commit the changes done to server manager.

            iisManager.CommitChanges();

            return base.OnStart();

         }

    }

Run the WebRole in elevated execution context. (Add the below tag in servicedefinition.csdef file to run the code in elevated privileges)

<Runtime executionContext="elevated"/>

====================================================================================================================

Using Web.config:
====================================================================================================================

<system.webServer>

    <modules runAllManagedModulesForAllRequests="true" />

  <!-- Web.config setting -->

    <security>

          <requestFiltering>

                   <requestLimits maxQueryString="1048000" maxAllowedContentLength="1048000" maxUrl="1048000"/>

          </requestFiltering>

    </security>

</system.webServer>

====================================================================================================================

If you are unable to see the interface for request filtering, you can install Microsoft Administration Pack for IIS 7.0 on the VM, which includes a user interface for request filtering.

https://www.iis.net/expand/AdministrationPack

Comments

  • Anonymous
    February 27, 2014
    Hello ! Thanks for this post. The web.config file doesn't work for me. I guess this is because of the first lines missing : <?xml version="1.0" encoding="utf-8"?> <configuration> My (working) web.config file looks like the following : <?xml version="1.0" encoding="utf-8"?> <configuration>  <system.webServer>    <webSocket enabled="false" />    <handlers>      <add name="iisnode" path="server.js" verb="*" modules="iisnode"/>    </handlers>    <rewrite>      <rules>        <rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">          <match url="^server.js/debug[/]?" />        </rule>        <rule name="StaticContent">          <action type="Rewrite" url="public{REQUEST_URI}"/>        </rule>        <rule name="DynamicContent">          <conditions>            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>          </conditions>          <action type="Rewrite" url="server.js"/>        </rule>      </rules>    </rewrite>    <security>      <requestFiltering>        <requestLimits maxAllowedContentLength="1073741824"/>      </requestFiltering>    </security>  </system.webServer> </configuration>