Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WCF GET URL Length Limit Issue: Bad Request - Invalid URL

I tried to access a WCF Service through jQuery AJAX call with GET method. So, sometimes the URL is lengthy with parameters.

When the parameters becomes so lengthy, jQuery AJAX Call fails, and returns nothing. So I put a break point and took the URL out to test. When I try the same URL in the browser (I tried FireFox and Chrome), it returns the following when the URL length is too long.

Bad Request - Invalid URL

HTTP Error 400. The request URL is invalid.

I checked the length limitation as well. When the number of characters in the URL (in encoded format) exceeds 1011 characters (including http://) only I get the error.

Anyone has the same situation and found any solution to this? Is it Windows Limitation or Can it be managed through any settings programmatically?

I tried POST method, but I don't know I could not make it work. Because it needs some web.config changes.

EDIT

The URL I have Tested to Generate the Error

http://localhost:64973/Member.svc/SaveMemberWithDetail/%7B%22ID%22%7C%222%22,%22TypeID%22%7C%222%22,%22Title%22%7C%22Mr.%22,%22FirstName%22%7C%22Firnas%22,%22MiddleName%22%7C%22%22,%22LastName%22%7C%22Aliyar%22,%22Gender%22%7C%221%22,%22DateOfBirth%22%7C%222000-01-01%22,%22Nationality%22%7C%22Sri%20Lankan%22%7D/%5B%7B%22AddressLine1%22%7C%22Changed%20Address%20Line1%22,%22AddressLine2%22%7C%22Colombo%22,%22City%22%7C%22Colombo%2010%22,%22State%22%7C%22WP%22,%22PostCode%22%7C%2201000%22,%22CountryID%22%7C%221%22,%22ID%22%7C%227%22,%22TypeID%22%7C%221%22%7D%5D/%5B%7B%22Telephone%22%7C%22015154645%22,%22TypeID%22%7C%221%22%7D%5D/%5B%7B%22EmailAddress%22%7C%22gen1@dfs%22,%22ID%22%7C%2226%22,%22TypeID%22%7C%221%22%7D,%7B%22EmailAddress%22%7C%22gen2@jfasd%22,%22ID%22%7C%2227%22,%22TypeID%22%7C%221%22%7D,%7B%22EmailAddress%22%7C%[email protected]%22,%22ID%22%7C%2228%22,%22TypeID%22%7C%221%22%7D,%7B%22EmailAddress%22%7C%[email protected]%22,%22ID%22%7C%2229%22,%22TypeID%22%7C%221%22%7D,%7B%22EmailAddress%22%7C%[email protected]%22,%22ID%22%7C%2229%22,%22TypeID%22%7C%221%22%7D%5D/%7B%7D/481

Unencoded version of URL:

http://localhost:64973/Member.svc/SaveMemberWithDetail/{"ID"|"2","TypeID"|"2","Title"|"Mr.","FirstName"|"Firnas","MiddleName"|"","LastName"|"Aliyar","Gender"|"1","DateOfBirth"|"2000-01-01","Nationality"|"Sri Lankan"}/[{"AddressLine1"|"Changed Address Line1","AddressLine2"|"Colombo","City"|"Colombo 10","State"|"WP","PostCode"|"01000","CountryID"|"1","ID"|"7","TypeID"|"1"}]/[{"Telephone"|"015154645","TypeID"|"1"}]/[{"EmailAddress"|"gen1@dfs","ID"|"26","TypeID"|"1"},{"EmailAddress"|"gen2@jfasd","ID"|"27","TypeID"|"1"},{"EmailAddress"|"[email protected]","ID"|"28","TypeID"|"1"},{"EmailAddress"|"[email protected]","ID"|"29","TypeID"|"1"},{"EmailAddress"|"[email protected]","ID"|"29","TypeID"|"1"}]/{}/481

My Parameters are set of Json Objects. I don't think any of the characters cause the problem, because, if I just reduce few alpha numeric characters to less than the limit, it works.

I'm running my application in Visual Studio 2012 Premium in Windows 8 Professional, so it's .NET 4.5 and IIS Express Came with it.

Further Research

When I try to investigate this further, this is not the limitation I have already mentioned which is the length of full url. But, there is a limitation of length in each parameter which is 260 characters.

So, I'm not sure about URL total length, but each parameter (seperated by "/") has the limit. The problem with the above URL which I have posted is Email Address JSON parameter is 261 characters long, given below.

[{"EmailAddress"|"gen1@dfs","ID"|"26","TypeID"|"1"},{"EmailAddress"|"gen2@jfasd","ID"|"27","TypeID"|"1"},{"EmailAddress"|"[email protected]","ID"|"28","TypeID"|"1"},{"EmailAddress"|"[email protected]","ID"|"29","TypeID"|"1"},{"EmailAddress"|"[email protected]","ID"|"29","TypeID"|"1"}]

If I delete 1 character from this, it works.

Is it Browser Limitation? OS Limitation?

UPDATE: SOLUTION

I Found a solution which worked for me, when I research further on this. I'm updating here since it might be useful for others who come across this question.

This is an IIS Setting

The problem is because, the default character limit of each parameter in REST url is 260 which is defined in the registry.

So, you have to update the registry to increase this size limit where the IIS Server / IIS Express is running.

Following is the location of Registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters

And the value name is UrlSegmentMaxLength. If it is not there, create one with Type of REG_DWORD. And specify a higher value for value data such as 1000 in hexadecimal or 4096 in decimal.

This is a http.sys setting. More about http.sys settings : http://support.microsoft.com/kb/820129

Make sure, you restart the server/machine to apply the registry changes. And that's it.

like image 779
Firnas Avatar asked Feb 21 '13 14:02

Firnas


3 Answers

Reposting the update as Answer, since some of you might jump directly into the Answers section.

I Found a solution which worked for me, when I research further on this. I'm updating here since it might be useful for others who come across this question.

This is an IIS Setting

The problem is because, the default character limit of each parameter in REST url is 260 which is defined in the registry.

So, you have to update the registry to increase this size limit where the IIS Server / IIS Express is running.

Following is the location of Registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters And the value name is UrlSegmentMaxLength. If it is not there, create one with Type of REG_DWORD. And specify a higher value for value data such as 1000 in hexadecimal or 4096 in decimal.

This is a http.sys setting. More about http.sys settings : http://support.microsoft.com/kb/820129

Make sure, you restart the server/machine to apply the registry changes. And that's it.

like image 120
Firnas Avatar answered Nov 23 '22 22:11

Firnas


A couple things to think about:

1) You shouldn't use a GET to do saving of data, use POST when possible. The main reason has to do with security. Using GET opens you up to more potential CSRF attacks. Keep in mind that POST is not immune to CSRF, but using it reduces the vulnerability a bit.

2) Looking at the URL, the commas look out of place to me and could be why you are getting invalid URL errors.

3) What version of IIS are you running under? This may determine what you have to do to increase the max URL Length.

For IIS7 you could add to System.Web in the config file:

<httpRuntime maxUrlLength="2000" />

EDIT:

You should try changing it to a POST again as it won't try mapping it to a file system.

From MSDN the windows api only allows 260.

In the Windows API (with some exceptions discussed in the following paragraphs), the maximum length for a path is MAX_PATH, which is defined as 260 characters. A local path is structured in the following order: drive letter, colon, backslash, name components separated by backslashes, and a terminating null character. For example, the maximum path on drive D is "D:\some 256-character path string" where "" represents the invisible terminating null character for the current system codepage. (The characters < > are used here for visual clarity and cannot be part of a valid path string.)

like image 36
Chris Holwerda Avatar answered Nov 23 '22 23:11

Chris Holwerda


Adding another answer just for completeness. In my case I had all the right values in web.config:

    <system.web>
    ...
        <!--Make sure to keep maxAllowedContentLength and maxRequestLength are in Synch-->
        <!--This is for ASP.NET and is in KBytes-->
        <httpRuntime maxRequestLength="50000" maxUrlLength="3000" maxQueryStringLength="3000"/>
    </system.web>
...
  <system.webServer>
    <security>
      <requestFiltering>
        <!--This is for IIS7+ and is in Bytes (Equivalent to 50MB)-->
        <requestLimits maxAllowedContentLength="52428800" maxQueryString="3000" />
      </requestFiltering>
    </security>
  </system.webServer>
...

However, I was still getting the 400 error on one of the IIS servers. After more investigation and configuration comparison it turned out that the UrlScan IIS module was the culprit. By uninstalling the module or editing the UrlScan.ini file to modify max length values the issue has been resolved:

...
[RequestLimits]
MaxAllowedContentLength=104857600
MaxUrl=3000
MaxQueryString=3000
like image 39
Slobodan Savkovic Avatar answered Nov 24 '22 00:11

Slobodan Savkovic