The UrlScan security tool redirects HTTP POST requests to the "Page cannot be displayed" page when the content length exceeds the MaxAllowedContentLength value in IIS (839565)
The information in this article applies to:
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Server 4.0
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMSIf the content length in an HTTP POST request exceeds the value of the MaxAllowedContentLength parameter that is specified in the Urlscan.ini file, the UrlScan security tool redirects the request to the Page cannot be
displayed error page instead of to the page that is specified in the value of the RejectResponseURL parameter.WORKAROUNDTo avoid this behavior, comment the MaxAllowedContentLength parameter in the Urlscan.ini file, and then manually redirect the request to the page that you want when Request.TotalBytes exceeds the value of the MaxAllowedContentLength parameter. For example, after you comment the MaxAllowedContentLength parameter in the Urlscan.ini file, modify the code as in the following sample code: <%
'Check the length of content that is posted.
IF Request.TotalBytes<3000000 THEN
'
'//Put your code here.
'
ELSE
'
'//Put the code to redirect the request to the page that you want here.
'
END IF
%> STATUS This behavior is by
design.REFERENCESFor more information about the UrlScan security tool, visit following Microsoft Development
Network (MSDN) Web site:
For additional information about how to upload files by using ASP, click the following article number to view the article in the Microsoft Knowledge Base:
299692
HOW TO: Upload files to a Web server by using ASP
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Modification Type: | Minor | Last Reviewed: | 6/23/2005 |
---|
Keywords: | kbSecurity kbenable kbConfig kbService kbhttp404 kbhttp kbprb KB839565 kbAudDeveloper |
---|
|