IIS对某些链接给出400错误的请求 [英] IIS gives 400 Bad Request for some links
问题描述
我正在使用ASP.NET Identity生成格式的激活URL
https://example.com/activate/token
Asp Identity生成令牌的位置,看起来像这样
<代码>氯%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAADds1gNf52iBX54Z6V%2bY5ZJEZmCmhgPetK2mEuu5pEiLwAAAAAOgAAAAAIAACAAAADjqFZ3Qrk6o22AHQDtoo%2bUNO4NZZ9RubxnuFBPTwyX/3AAAAATHRJIHkbDX2PmNxDYV0e2P5uAohDpMlpaP1C/KjV1mz5z06X7YaehipzlgLa4IxcAT8AQK%2bW4Qxq4Y3No0kaVNQRpSIzdB6cv%2bjn47IY5hburRgSPbZ6L7xvmWoreBZCCBn4SHMxbcdfAKEnkDELpQAAAAIwoV4hLdqQyV5g6WAQM/KIO 3/FKyauZKsWBI/TA/M7uq7CDiQRdZxqdO0SUO9xW851luaKDP6bi/daxEhAemzk%3D
问题有时是我收到一般性400错误的十分之一的概率约为1
错误的请求-无效的URLHTTP错误400.请求URL无效.
错误链接示例
<预> <代码> http://example.org/activate/AQAAANCMnd8BFdERjHoAwE/Cl%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAACrbeGsadAFQETqBTsIuxf%2bJZqK0JOQvGC6M250gHsTEQAAAAAOgAAAAAIAACAAAACo6YtEGtjrvRO74X2G2VAQ1pAlBWksjnLo0zGxwrVrSXAAAAA%2bFfiwK3sL%2bbzK9wbM0r7Hoy4tueNmh4CNLD%2b2HeP7IldrAq40XbeLW0zlZo3CC2qWBfaGb5Z4HjziVYVT2Fvpg6dtm9UAmI4h5BPjzIBcJo8ZpiE4Z%2bQedRpAijhMHfsV2IDNptzCREWe3Wefi9aoQAAAAPzg9TNEhsqf76Qir%2bIyMxuuPsQkVykZVYFJ9/aI3EAAWK2de2VTUsXQBgdS4OGSI4AaAUEN%2b0Akdohw3Jd8zFo%3d我认为问题出在IIS请求中的某个地方,它没有在我的应用程序中碰到任何地方,这很奇怪,在microsoft.com等其他网站上也显示了相同的错误.
例如,这将导致400错误
<预> <代码> https://microsoft.com/en-us/AQAAANCMnd8BFdERjHoAwE/Cl%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAACrbeGsadAFQETqBTsIuxf%2bJZqK0JOQvGC6M250gHsTEQAAAAAOgAAAAAIAACAAAACo6YtEGtjrvRO74X2G2VAQ1pAlBWksjnLo0zGxwrVrSXAAAAA%2bFfiwK3sL%2bbzK9wbM0r7Hoy4tueNmh4CNLD%2b2HeP7IldrAq40XbeLW0zlZo3CC2qWBfaGb5Z4HjziVYVT2Fvpg6dtm9UAmI4h5Bhsqf76Qir%2bIyMxuuPsQkVykZVYFJ9/aI3EAAWK2de2VTUsXQBgdS4OGSI4AaAUEN%2b0Akdohw3Jd8zFo%3d但是这个404错误
<预> <代码> https://www.microsoft.com/en-us/AQAAANCMnd8BFdERjHoAwE/Cl%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAAAbr0DBVHVcY2tO3Rvvk15d5%2bIuV3usPJmD2FTF15vpbwAAAAAOgAAAAAIAACAAAAAXddKnTogsgCGRRhIzbXbk14fsjcLJ5L0q5C/dRfsYlHAAAAAlAw9iARuxhShyGfzE6ZF193fX7zvxLnOfjgh74G5oLc5RPIVdQ7O8sJdj5H0BnysPxrCMk965izZRqjBKGZFNl6smYdmaGy5aPqxI1kTez%2bhHQH1GMW3GUmF%2bRoYdRqcmJLErgcb4sgMa7UGA16X1QAAAAJTk6s6OzBuA2B8whkUdwQnrCS2xgf7QR%2blA%2bm7UqUdXuhQfiFkL/oCINhyrJt%2bWJsjxvGhOcsW15DtzyqKvlWY%3d看起来长度有时有意义,但不是吗?类似问题,但由已知字符引起-解决方案
我认为这是由网址段的最大长度(UrlSegmentMaxLength)引起的.
来源: https://support.microsoft.com/it-it/help/820129/http-sys-registry-settings-for-windows
I'm using ASP.NET Identity for generating activation urls in format
https://example.com/activate/token
Where token is generated by Asp Identity and looks like this
Cl%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAADds1gNf52iBX54Z6V%2bY5ZJEZmCmhgPetK2mEuu5pEiLwAAAAAOgAAAAAIAACAAAADjqFZ3Qrk6o22AHQDtoo%2bUNO4NZZ9RubxnuFBPTwyX/3AAAAATHRJIHkbDX2PmNxDYV0e2P5uAohDpMlpaP1C/KjV1mz5z06X7YaehipzlgLa4IxcAT8AQK%2bW4Qxq4Y3No0kaVNQRpSIzdB6cv%2bjn47IY5hburRgSPbZ6L7xvmWoreBZCCBn4SHMxbcdfAKEnkDELpQAAAAIwoV4hLdqQyV5g6WAQM/kiO3/FKyauZKsWBI/tA/M7uq7CDiQRdZxqdO0SUO9xW851luaKDP6bi/daxEhAemzk%3d
Problem is sometimes ~1 in 10 times I get generic 400 error
Bad Request - Invalid URL
HTTP Error 400. The request URL is invalid.
Example bad link
http://example.org/activate/AQAAANCMnd8BFdERjHoAwE/Cl%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAACrbeGsadAFQETqBTsIuxf%2bJZqK0JOQvGC6M250gHsTEQAAAAAOgAAAAAIAACAAAACo6YtEGtjrvRO74X2G2VAQ1pAlBWksjnLo0zGxwrVrSXAAAAA%2bFfiwK3sL%2bbzK9wbM0r7Hoy4tueNmh4CNLD%2b2HeP7IldrAq40XbeLW0zlZo3CC2qWBfaGb5Z4HjziVYVT2Fvpg6dtm9UAmI4h5BPjzIBcJo8ZpiE4Z%2bQedRpAijhMHfsV2IDNptzCREWe3Wefi9aoQAAAAPzg9TNEhsqf76Qir%2bIyMxuuPsQkVykZVYFJ9/aI3EAAWK2de2VTUsXQBgdS4OGSI4AaAUEN%2b0Akdohw3Jd8zFo%3d
I think the problem is somewhere in IIS request is not hitting my application anywhere and, that's very strange, same error is showing on other websites like microsoft.com.
Eg.this makes 400 error
https://microsoft.com/en-us/AQAAANCMnd8BFdERjHoAwE/Cl%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAACrbeGsadAFQETqBTsIuxf%2bJZqK0JOQvGC6M250gHsTEQAAAAAOgAAAAAIAACAAAACo6YtEGtjrvRO74X2G2VAQ1pAlBWksjnLo0zGxwrVrSXAAAAA%2bFfiwK3sL%2bbzK9wbM0r7Hoy4tueNmh4CNLD%2b2HeP7IldrAq40XbeLW0zlZo3CC2qWBfaGb5Z4HjziVYVT2Fvpg6dtm9UAmI4h5Bhsqf76Qir%2bIyMxuuPsQkVykZVYFJ9/aI3EAAWK2de2VTUsXQBgdS4OGSI4AaAUEN%2b0Akdohw3Jd8zFo%3d
but this 404 error
https://www.microsoft.com/en-us/AQAAANCMnd8BFdERjHoAwE/Cl%2bsBAAAA2qxQHU9GHUuBNXILrSEDWgAAAAACAAAAAAAQZgAAAAEAACAAAAAbr0DBVHVcY2tO3Rvvk15d5%2bIuV3usPJmD2FTF15vpbwAAAAAOgAAAAAIAACAAAAAXddKnTogsgCGRRhIzbXbk14fsjcLJ5L0q5C/dRfsYlHAAAAAlAw9iARuxhShyGfzE6ZF193fX7zvxLnOfjgh74G5oLc5RPIVdQ7O8sJdj5H0BnysPxrCMk965izZRqjBKGZFNl6smYdmaGy5aPqxI1kTez%2bhHQH1GMW3GUmF%2bRoYdRqcmJLErgcb4sgMa7UGA16X1QAAAAJTk6s6OzBuA2B8whkUdwQnrCS2xgf7QR%2blA%2bm7UqUdXuhQfiFkL/oCINhyrJt%2bWJsjxvGhOcsW15DtzyqKvlWY%3d
It looks like length sometimes have meaning but not really? Similar question but caused by known characters - %09 in a URL causes IIS (HTTP.SYS?) to return HTTP 400 immediately
PS. Url in format http://example.com/activate?token=token
work fine
I think it is caused by the max length for Url segment (UrlSegmentMaxLength).
Source: https://support.microsoft.com/it-it/help/820129/http-sys-registry-settings-for-windows
这篇关于IIS对某些链接给出400错误的请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!