
We have an IIS website that is returning 400 Bad Request for a very few users. We are using Windows Authentication. After research, I found the info below in the HTTP.err log on the server:

    2020-06-05 06:44:05 10.213.144.138 53021 10.11.210.147 80 HTTP/1.1 GET / - 400 - RequestLength -

I set MaxFieldLength and MaxRequestBytes to their max values, as suggested here: https://docs.microsoft.com/en-us/exchange/troubleshoot/http-proxy/400-bad-request

The user is still receiving the 400 Bad Request error. The user is part of around 200 AD groups, and we do not want to remove any of them.

Is your issue solved? If your issue is solved then I request you to mark the helpful suggestion as an answer. This will help other people who face the same issue. - Jalpa Panchal

1 Answers


Clear your cookies and try again, and see if you can reduce the size and amount of cookies your app is using.

When you set the registry key values, make sure you consider the points below:

1) Calculate the size of the user's Kerberos token by using the formula that's described in the following Knowledge Base article:

327825 Problems with Kerberos authentication when a user belongs to many groups

2) Set the value of MaxFieldLength and MaxRequestBytes on the server to 4/3 * T, where T is the user's token size in bytes. HTTP encodes the Kerberos token by using base64 encoding.

https://support.microsoft.com/en-us/help/2020943/http-400-bad-request-request-header-too-long-response-to-http-request

Note: Make sure you restart the machine after making the changes.

You could also try adding the code below to your site's web.config file:

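    <configuration>
        <system.webServer>
            <security>
                <requestFiltering>
                    <!-- IIS request filtering: maximum request body size, in bytes -->
                    <requestLimits maxAllowedContentLength="500000000" />
                </requestFiltering>
            </security>
        </system.webServer>
        <system.web>
            <!-- ASP.NET: maxRequestLength is in kilobytes, executionTimeout in seconds -->
            <httpRuntime maxRequestLength="500000000" executionTimeout="120" />
        </system.web>
    </configuration>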

If you still face the same issue, try using Fiddler or another tool to capture the network traffic and properly analyze the request and response headers.
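
The sizing check described in the answer above, as an added example that is not part of the original post: it estimates the token size with the KB 327825 formula (TokenSize = 1200 + 40d + 8s), applies the 4/3 base64 factor, and compares the result with the values HTTP.sys currently has configured on the server. The group counts are constructed sample values and the parameter names are hypothetical.

```powershell
# Added example: does the user's estimated Kerberos token fit the HTTP.sys header limits?
param(
    # Constructed sample counts for a user in about 200 groups; replace with real figures.
    # d: domain local groups + universal groups from other domains + SID history entries
    [int]$DomainLocalOrForeignGroups = 60,
    # s: security global groups + universal groups in the user's own domain
    [int]$GlobalOrOwnUniversalGroups = 140
)

# KB 327825 estimate of the token size T, in bytes.
$tokenBytes = 1200 + (40 * $DomainLocalOrForeignGroups) + (8 * $GlobalOrOwnUniversalGroups)

# Base64 turns every 3 bytes into 4 characters (the 4/3 * T from the answer),
# rounded up to a whole 4-character block.
$encodedBytes = [int](4 * [math]::Ceiling($tokenBytes / 3))

# HTTP.sys defaults and documented maximums for the two registry values.
$limits = @{
    MaxFieldLength  = @{ Default = 16384; Max = 65534 }
    MaxRequestBytes = @{ Default = 16384; Max = 16777216 }
}

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
foreach ($name in 'MaxFieldLength', 'MaxRequestBytes') {
    # A missing value means HTTP.sys is using its default.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $configured = if ($item) { [int64]$item.$name } else { $limits[$name].Default }

    [pscustomobject]@{
        Setting         = $name
        Configured      = $configured
        SetInRegistry   = [bool]$item
        EstimatedToken  = $tokenBytes
        Base64Size      = $encodedBytes
        # MaxRequestBytes covers the request line plus all headers, so it also
        # needs headroom for cookies and other headers beyond the token itself.
        Fits            = $configured -ge $encodedBytes
        OverDocumentedMax = $encodedBytes -gt $limits[$name].Max
    }
}
```

With the sample counts the estimate is 4720 bytes, or 6296 bytes after base64, which shows how far below the maximum values a sized setting can sit.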