IIS 7.5 Mercurial设置忽略maxAllowedContentLength [英] IIS 7.5 Mercurial setup ignoring maxAllowedContentLength
问题描述
我正在尝试在IIS 7.5上设置Mercurial。我有一个应用程序目录的web.config忽略 maxAllowedContentLength 属性,我只是不能让IIS接受它!我在全球,本地和各个层面尝试过千种不同的方式。它坚持默认的30MB并拒绝让我推动大于此的变更集。它甚至没有关闭连接,它只是达到30MB并完全停止。这不是超时问题,我尝试从本地计算机推送到其IP地址。
I'm trying to setup Mercurial on IIS 7.5. I have a web.config for an application directory that is ignoring the maxAllowedContentLength attribute and I simply cannot get IIS to accept it! I've tried it a thousand different ways at global, local, and every level. It sticks by its default of 30MB and refuses to let me push changesets that are larger than that. It doesn't even close the connection, it just gets to 30MB and stalls completely. It's not a timeout issue, I've tried pushing from the local machine to its IP address.
到底发生了什么?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="Python" path="*.cgi" verb="*" modules="CgiModule" scriptProcessor="C:\Python27\python.exe -u "%s"" resourceType="Unspecified" requireAccess="Script" />
</handlers>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
<rewrite>
<rules>
<rule name="rewrite to hgwebdir" patternSyntax="Wildcard">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Rewrite" url="hgweb.cgi/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
<!-- I don't know if this is supposed to work... it doesn't matter where I put the settings. -->
<location path="*">
<system.web>
<!-- maxRequestLength is in kilobytes (KB) -->
<httpRuntime maxRequestLength="1048576" /> <!-- 1GB -->
</system.web>
<system.webServer>
<security>
<requestFiltering>
<!-- maxAllowedContentLength is in bytes (B) -->
<requestLimits maxAllowedContentLength="1073741824"/> <!-- 1GB -->
</requestFiltering>
</security>
</system.webServer>
</location>
</configuration>
推荐答案
我找到了几种处理这个问题的方法:
I found a few ways of dealing with this issue:
要在IIS中修复此服务器端,请下载并安装 https://www.nartac.com/Products/IISCrypto/Default.aspx 并单击BEAST按钮,或通过禁用其他协议强制使用SSL3.0。
To fix this server-side in IIS, download and install https://www.nartac.com/Products/IISCrypto/Default.aspx and click the BEAST button, or force SSL3.0 by disabling other protocols.
如果您无权访问IIS服务器,可以通过将Python回滚到2.7.2或更早版本来修复它。
If you don't have access to the IIS server, you can fix it by rolling back Python to version 2.7.2 or earlier.
如果您有冒险精神,可以修改sslutil.py中的mercurial源,靠近顶部,更改行
If you are adventurous, you can modify the mercurial source in sslutil.py, near the top, change the line
sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
cert_reqs=cert_reqs, ca_certs=ca_certs)
到
from _ssl import PROTOCOL_SSLv3
sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
cert_reqs=cert_reqs, ca_certs=ca_certs, ssl_version=PROTOCOL_SSLv3)
这将解决问题并修复IIS后面的mercurial推送限制。
This will work around the problem and fix the push limit to mercurial behind IIS.
如果您对Python 2.7.3打破此问题感兴趣,请查看在 http://bugs.python.org/issue13885 上进行解释(与安全相关)。如果你想修改Python本身,在Modules / _ssl.c中更改行
If you are interested in why Python 2.7.3 broke this, look at http://bugs.python.org/issue13885 for the explanation (it is security-related). If you want to modify Python itself, in Modules/_ssl.c change the line
SSL_CTX_set_options(self->ctx,
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
回到2.7.3之前的状态:
back to how it was prior to 2.7.3:
SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
编译并重新安装python等。如果以潜在的安全风险为代价,这会增加更多的SSL兼容性,如果我正确理解OpenSSL文档。
Compile and reinstall python, etc. This adds more SSL compatibility at the expense of potential security risks, if I understand the OpenSSL docs correctly.
这篇关于IIS 7.5 Mercurial设置忽略maxAllowedContentLength的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
