How to edit the request filtering feature settings and request limits for Azure applications?
Based on the kind of application you are developing, at times you may need to change the default parameters of IIS 7.0 on the VM to restrict or allow requests of certain lengths. Using the below explained approach you will be able to configure various other parameters on IIS to secure your application running on Azure.
Default values in IIS 7.0
> Maximum allowed content length (Bytes): 30000000
> Maximum URL lenght (Bytes): 4096
> Maximum query string (Bytes): 2048
The above values can be
modified using one of the below techniques for an Azure application:
- Using a Startup task
- Using webrole Onstart method
- Using Web.config
Using a Startup Task:
====================================================================================================================
Create a batch file : ConfigureReqFiltering.cmd
Set copy to output directory = copy always for this file. (Right click -> Properties)
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/requestFiltering/requestLimits.maxQueryString:"204800" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/requestFiltering/requestLimits.maxAllowedContentLength:"204800" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/requestFiltering/requestLimits.maxUrl:"204800" /commit:apphost
exit / b 0
====================================================================================================================
Using WebRole Onstart method:
====================================================================================================================
Add Microsoft.Web.Administration DLL to the project reference. (Path of Microsoft.Web.Administration DLL: C:\Windows\System32\inetsrv).
Set Copy local property of the above DLL to true. (Right click on the DLL -> properties -> copy local = true)
Copy and paste the below code snippet.
public override bool OnStart()
{
public override bool OnStart()
{
ServerManager iisManager = new ServerManager();
Application app = iisManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_Web"].Applications[0];
Configuration config = iisManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_Web"].GetWebConfiguration();
ConfigurationSection requestFilteringSection = config.GetSection("system.webServer/security/requestFiltering");
ConfigurationElement requestLimitsElement = requestFilteringSection.GetChildElement("requestLimits");
//Set the required attribute for Query String
requestLimitsElement.SetAttributeValue("maxQueryString", 204800);
//Set the required attribute for Content lenght
requestLimitsElement.SetAttributeValue("maxAllowedContentLength", 204800);
//Set the required attribute for Max URL
requestLimitsElement.SetAttributeValue("maxUrl", 204800);
//Commit the changes done to server manager.
iisManager.CommitChanges();
return base.OnStart();
}
}
Run the WebRole in elevated execution context. (Add the below tag in servicedefinition.csdef file to run the code in elevated privileges)
<Runtime executionContext="elevated"/>
====================================================================================================================
Using Web.config:
====================================================================================================================
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!-- Web.config setting -->
<security>
<requestFiltering>
<requestLimits maxQueryString="1048000" maxAllowedContentLength="1048000" maxUrl="1048000"/>
</requestFiltering>
</security>
</system.webServer>
====================================================================================================================
If you are unable to see the interface for request filtering, you can install Microsoft Administration Pack for IIS 7.0 on the VM, which includes a user interface for request filtering.
https://www.iis.net/expand/AdministrationPack
