Sysadmins of the North
Don't forget to share this post!

"The length of the URL for this request exceeds the configured maxUrlLength value"

The length of the URL for this request exceeds the configured maxUrlLength value is an IIS error telling you the length of the given URL exceeds a limit. The Windows Server IIS maximum URL length is defined by the HttpRuntimeSection.MaxUrlLength property. Its value is 260 characters. This may cause problems with longer than configured maxUrlLength URL’s, and here is how to resolve this issue…

IIS HttpRuntimeSection.MaxUrlLength property: get or set the maximum URL length in IIS

The HttpRuntimeSection.MaxUrlLength property gets or sets the maximum possible URL length, in number of characters, in an HTTP request for Windows Server IIS. If an HTTP request is made with a URL longer than defined by maxUrlLength, the following error message is displayed:

Server Error in '/' Application.

The length of the URL for this request exceeds the configured maxUrlLength value.

[HttpException (0x80004005): The length of the URL for this request exceeds the configured maxUrlLength value.]
   System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9020628
   System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +59
IIS Length of URL for request exceeds maxUrlLength value
IIS Length of URL for request exceeds maxUrlLength value

One reason for such a long URL could be the rewriting and minification of CSS stylesheets and JavaScripts. An Magento extension like Fooman Speedster does this, or Autoptimize for WordPress.

How to increase the maximum MaxUrlLength setting in web.config

Fortunately you can fix this error by increasing the maximum URL length allowed (maxUrlLength value) in IIS. Add to your web.config file:

<configuration>
  <system.web>
    <httpRuntime maxUrlLength="500" />
  </system.web>
</configuration>

Increase IIS URL size limit – IIS Request Limits

Another option to increase the URL size limit is to configure the <requestLimits> element. The <requestLimits> element specifies limits on HTTP requests that are processed by the web server.

This may interest you:   Silently import .reg file in your Windows registry

These limits include the maximum size of a request, the maximum URL length, and the maximum length for a query string.

Protip: are you wondering how to enable NTFS long paths in Windows Server 2016, to increase the 260 characters limitation for NTFS paths?

Request Filtering IIS
Increase IIS URL size and length

Set the Maximum allowed content length, Maximum URL length (Bytes) and Maximum query string (Bytes) to your desired values. The default maximum query string length in IIS is 2048 characters.

When a query string is received by IIS that is longer than 2048 characters, IIS throws a 404.15 - Query String too long error. A value of 2083 characters is the maximum URL length for Internet Explorer by default, and an 404.14 – URL too long error is thrown when a longer URL is requested.

You can increase this maximum URL length value in your web.config, but it’s still browser specific.

IIS Request Limits attributes

What are the maximum IIS Request Limits attributes?

  • maxAllowedContentLength: Optional uint attribute. Specifies the maximum length of content in a request, in bytes. The default value is 30000000, which is approximately 28.6 MB
  • maxQueryString: Optional uint attribute. Specifies the maximum length of the query string, in bytes. The default value is 2048
  • maxUrl: Optional uint attribute. Specifies maximum length of the URL, in bytes. The default value is 4096
  • (Source IIS.net requestlimits)
This may interest you:   How to block BaiduSpider bot User-Agent?

IIS HeaderLimits – not really related, but my come in handy.

The <headerLimits> element of the <requestFiltering> collection contains a collection of <add> elements that specify the maximum size in bytes for HTTP headers.

The following code sample will configure IIS to deny access for HTTP requests where the length of the “Content-type” header is greater than 100 bytes.

# XML
<configuration>
   <system.webServer>
      <security>
         <requestFiltering>
            <requestLimits>
               <headerLimits>
                  <add header="Content-type" sizeLimit="100" />
               </headerLimits>
            </requestLimits>
         </requestFiltering>
      </security>
   </system.webServer>
</configuration>

# AppCmd
appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"requestLimits.headerLimits.[header='Content-type',sizeLimit='100']"

# PowerShell
$requestLimits = Get-IISConfigSection -CommitPath 'Default Web Site' -SectionPath 'system.webServer/security/requestFiltering' | Get-IISConfigElement -ChildElementName 'requestLimits'
$headerLimits = Get-IISConfigCollection -ConfigElement $requestLimits -CollectionName 'headerLimits'
New-IISConfigCollectionElement -ConfigCollection $headerLimits -ConfigAttribute @{ 'header'='Content-Type'; 'sizeLimit'=100 }

buy me a coffee
Buy Me A Coffee

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link: https://paypal.me/jreilink.

follow me on:

Leave a Comment:

1 comment
Add Your Reply
Skip to content