如何在Azure IIS请求中增加HTTP标头值的大小限制? [英] How to increase size limit for HTTP header value in request for Azure IIS?
问题描述
令牌在GET请求的Authorization标头中传递,如下所示:
授权:Bearer< token here> 使用反复试验,我发现标头值限制必须在 2048 左右,因为令牌小于该令牌的请求将不进行任何更改地传递给我的ASP.NET应用,令牌较大的请求具有授权标头已删除,在我的应用中触发了401.
应用程序已发布到Azure.请求是GET还是POST似乎都没有关系.
限制看起来类似于
使用反复试验,我发现标头值限制必须在2048附近
另一种修改限制的方法是headerLimits config部分.我们可以使用此配置部分为特定标头添加长度限制.
如果我将以下配置添加到web.config中.来自我客户的请求被阻止,并且出现以下错误.
< system.webServer><安全性>< requestFiltering>< requestLimits>< headerLimits>< add header ="Authorization" sizeLimit ="2048"/></headerLimits></requestLimits></requestFiltering></security></system.webServer>
如果我增加sizeLimit以满足请求Authorization标头的长度,例如2058.该请求将被执行.
因此,请检查您是否在web.config文件中修改了headerLimits配置部分.如果是,如果此标头的长度大于限制值,它将阻止您的请求.为了解决这个问题,我们可以增加sizeLimit的值来修改Authorization标头的限制.
Token is passed in Authorization header in GET request like this:
Authorization: Bearer <token here>
Using trial and error I figured out that header value limit must be around 2048, because requests with tokens smaller than that are passed to my ASP.NET app without any changes and requests with larger tokens have Authorization header removed triggering 401 in my app.
App is published to Azure. It doesn't seem to matter whether request is GET or POST.
Limit looks similar to querystring limit so I've increased the allowed query string and it didn't help.
IIS version: 8.0 (from response headers)
By default, the header length limit is 65536 which is set in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters registry. I tested it both on my local machine and Azure Web App. Following is the code which I tested.
On server side I use
public class HomeController : Controller
{
public ActionResult Index()
{
return Content(Request.Headers["Authorization"]);
}
}
On client side, I use
static async void SendRequest()
{
HttpClient client = new HttpClient();
string token = "";
for (int i = 0; i < 2050; i++)
{
token = token + "0";
}
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
HttpResponseMessage message = await client.GetAsync("http://xxx.azurewebsites.net/");
string content = await message.Content.ReadAsStringAsync();
Console.WriteLine(content);
}
I can get the Authorization parameter back.
Using trial and error I figured out that header value limit must be around 2048
Another way which would modified the limit is the headerLimits config section. We could add length limit for specific header using this config section.
If I add following configuration to web.config. The request from my client was blocked and I got following error.
<system.webServer>
<security>
<requestFiltering>
<requestLimits>
<headerLimits >
<add header="Authorization" sizeLimit="2048" />
</headerLimits>
</requestLimits>
</requestFiltering>
</security>
</system.webServer>
If I increase the sizeLimit to meet the length of request Authorization header, for example 2058. The request will be executed OK.
So please check whether you have modified the headerLimits config section in your web.config file. If yes, It will block your request if the length of this header is larger than the limit value. To solve it, we can increase the value of sizeLimit to modify the limit of Authorization header.
这篇关于如何在Azure IIS请求中增加HTTP标头值的大小限制?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
