I'm implementing a reverse proxy on IIS with URL Rewrite and ARR. At a very high level, the flow is shown below.
Browser ---> (DMZ load balancer) ---> IIS 7.0 (ARR, URL Rewrite 2.0, UrlScan) ---> (Intranet load balancer) ---> WAS (IBM WebSphere)
IIS 7 and Windows Server 2008
The WAS servers act as backend servers, but end users access the pages through an internet-facing IIS server.
A BPM product is deployed on the WAS server and it's auto-generating very long URLs.
Ex: GET /testRevP/toWAS/prweb/testServlet/ZsvSk3vV8PtgJEa4_x3fiQ%5B%5B*/!MyWebApp/$STANDARD/webwb/desktop_domainsuffix_1819019784.js!yui_13833664524!desktopwrapper_12997951049!automationscripts.js!desktopwrapper_12997951049!automationscripts.js!desktopwrapper_12997951049!automationscripts.js
Note: I masked the URL, but that's the structure. It's 863 characters long, and if I put that in Notepad, the file size is 685 bytes.
We increased the UrlSegmentMaxLength value in the registry to get around HTTP API restrictions and are now stuck with an error related to UrlScan.
Fiddler log:
HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 16 Jan 2017 19:23:07 GMT
Content-Length: 1245
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>404 - File or directory not found.</title>
<style type="text/css"></style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>404 - File or directory not found.</h2>
<h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
</fieldset></div>
</div>
</body>
</html>
I searched through the internet and IIS.NET and found that I need to increase the maxUrl value under requestFiltering --> requestLimits. This property is available through the UrlScan.ini file and also in the web.config file. Since our environment already has UrlScan.ini configured, do I need to update maxUrl there only, or if I leave the ini file as is and update maxUrl in my application's web.config file, will this take precedence for my application?
Thanks for your help.
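
An added example (not part of the original post): a Python check that reads `MaxUrl` from UrlScan.ini and `maxUrl` from web.config and reports which limit a given request path exceeds. It assumes UrlScan and IIS request filtering each enforce their own limit on the raw path bytes; the sample configs, the sample path and the function names are constructed for illustration.

```python
import configparser
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

URLSCAN_DEFAULT_MAX_URL = 260   # UrlScan 3.x default for [RequestLimits] MaxUrl
IIS_DEFAULT_MAX_URL = 4096      # IIS 7 requestLimits maxUrl default

# Constructed sample configs (not taken from the poster's servers).
SAMPLE_INI = """\
[AllowVerbs]
GET
POST
[RequestLimits]
; limits are expressed in bytes
MaxUrl=260
MaxQueryString=2048
"""
SAMPLE_WEB_CONFIG = """\
<configuration><system.webServer><security><requestFiltering>
  <requestLimits maxUrl="2048" maxQueryString="2048" />
</requestFiltering></security></system.webServer></configuration>
"""
# Constructed 863-character path shaped like the masked URL in the post.
SAMPLE_PATH = ("/testRevP/toWAS/prweb/testServlet/"
               + "desktopwrapper_12997951049!automationscripts.js!" * 20)[:863]

def urlscan_max_url(ini_text):
    """MaxUrl from UrlScan.ini; the file contains value-less keys (verbs)."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(ini_text)
    return cp.getint("RequestLimits", "MaxUrl", fallback=URLSCAN_DEFAULT_MAX_URL)

def request_filtering_max_url(web_config_text):
    """maxUrl from <requestLimits> in web.config, or the IIS default."""
    node = next(ET.fromstring(web_config_text).iter("requestLimits"), None)
    if node is None:
        return IIS_DEFAULT_MAX_URL
    return int(node.get("maxUrl", IIS_DEFAULT_MAX_URL))

def blocking_limits(url, ini_text, web_config_text):
    """Return {layer: limit} for every layer whose limit the path exceeds."""
    path_len = len(urlsplit(url).path.encode("utf-8"))  # query string excluded
    limits = {"UrlScan MaxUrl": urlscan_max_url(ini_text),
              "requestFiltering maxUrl": request_filtering_max_url(web_config_text)}
    return {name: lim for name, lim in limits.items() if path_len > lim}

if __name__ == "__main__":
    print(len(SAMPLE_PATH), blocking_limits(SAMPLE_PATH, SAMPLE_INI, SAMPLE_WEB_CONFIG))
```

With the constructed inputs, the 863-byte path passes the web.config limit of 2048 but exceeds the UrlScan limit of 260, so only the UrlScan layer is reported.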