URL length with query string parameters

Hello,

I'm trying to make a request (GET) to a page and receive the status Error 404 - File or directory not found.

The URL (example) used has 1207 characters, which for the URL length of a GET request I think be within the limits:

https://mmachado.outsystemscloud.com/Service/SLO.aspx?SAMLRequest=nVNrb5swFP2%2BX4H8dSK8H7ECFSmNRqHNmlezfKkMdoJbAgQbSvLrR5Jl61qpmiZLV%2FLVvefcc3w9uGq3mdCQitEid4DSk4FA8qTANN84YD4biTa4cr8MGNpmagmjYlPUfEJ2NWFc8LtAc8RPrSnnJYOShEnTS2iHQZFIca%2Fk0vX5FvjSNBpPSdXQhPQQK1sgBL4DnvoyXiNL04msaUTRDcWIiaoTSzNlndg66soYq0mQM45y7gBVVvqiooiyOVMsqPWhYvdMw1wBYXHRoR51dMpyBs%2BTO6CuclggRhnM0ZYwyBM49e4i2JXCsip4kRQZcM9C4YmweovwOQBijFRHH4B78SErNjQXP7pBcSmxlMZxkRGeDqS3hBf6%2B44g8IVRUW0R%2F5z5mKFYXJ9KIa9Qzjo6DoQjxkONMrqmpPrzPP82FhCm398BfGgB%2F2WP5%2BHD6vF%2Bv1o%2BtNuw3aVZFO9X6vXc83fxTtLCrL05TG7VWXjnP77Sw4sRkklD1eVSGbGl32QbPk6GlTd%2BtvhXq%2F4x0tfR4pAOk5sUB3Nqkhdl0Ug3REKLbmOS5733rZrb%2FnAUhWRe3xrhq%2BNcTD%2Fb7F6We0rYcXuCHJPWfdJVwzaJrlrrxLBtxcCmrJkKTkzcHcOOf4G8a%2Fud%2FeunuD8B&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nCIcLvESHO79m0fDnwa3UYP9Q8mK5EbRx6xe%2BgWyfCiHAc7yVL2moJnMj6uqnuz9QZkGyBZq2u%2FKBblafXn%2BSLzYIPptKo5Iy0Q3cyFSIdsKIXm4quys3Mc9zwCD5dGxfugLyS5fVdDrqfQ%2BBCnBB8Olf4Oc1H3XDhmqXcrpkdep%2FUiqFPNck4PU2gkUeqaZBIqybE9%2B9ogTHaQGyIsgQKvMgB8P8TySycOjj2xb2K3AiXBJWOBY%2BaPeU1YbxfChvBjy3%2FXNRiLdNMtdkmqZag2hyYJGhAs0cyl2n2s%2B78IpXDKCEu%2Bgbuhu4tC8eZdBfAxrI9c0uDCxvY0jsYjP0w%3D%3D


However (only for testing) if I cut the length of this URL to 1079 characters I can already access the page:

https://mmachado.outsystemscloud.com/Service/SLO.aspx?SAMLRequest=nVNrb5swFP2%2BX4H8dSK8H7ECFSmNRqHNmlezfKkMdoJbAgQbSvLrR5Jl61qpmiZLV%2FLVvefcc3w9uGq3mdCQitEid4DSk4FA8qTANN84YD4biTa4cr8MGNpmagmjYlPUfEJ2NWFc8LtAc8RPrSnnJYOShEnTS2iHQZFIca%2Fk0vX5FvjSNBpPSdXQhPQQK1sgBL4DnvoyXiNL04msaUTRDcWIiaoTSzNlndg66soYq0mQM45y7gBVVvqiooiyOVMsqPWhYvdMw1wBYXHRoR51dMpyBs%2BTO6CuclggRhnM0ZYwyBM49e4i2JXCsip4kRQZcM9C4YmweovwOQBijFRHH4B78SErNjQXP7pBcSmxlMZxkRGeDqS3hBf6%2B44g8IVRUW0R%2F5z5mKFYXJ9KIa9Qzjo6DoQjxkONMrqmpPrzPP82FhCm398BfGgB%2F2WP5%2BHD6vF%2Bv1o%2BtNuw3aVZFO9X6vXc83fxTtLCrL05TG7VWXjnP77Sw4sRkklD1eVSGbGl32QbPk6GlTd%2BtvhXq%2F4x0tfR4pAOk5sUB3Nqkhdl0Ug3REKLbmOS5733rZrb%2FnAUhWRe3xrhq%2BNcTD%2Fb7F6We0rYcXuCHJPWfdJVwzaJrlrrxLBtxcCmrJkKTkzcHcOOf4G8a%2Fud%2FeunuD8B&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nCIcLvESHO79m0fDnwa3UYP9Q8mK5EbRx6xe%2BgWyfCiHAc7yVL2moJnMj6uqnuz9QZkGyBZq2u%2FKBblafXn%2BSLzYIPptKo5Iy0Q3cyFSIdsKIXm4quys3Mc9zwCD5dGxfugLyS5fVdDrqfQ%2BBCnBB8Olf4Oc1H3XDhmqXcrpkdep%2FUiqFPNck4PU2gkUeqaZBIqybE9%2B9ogTHaQGyIsgQKvMgB8P8TySycOj


What is the reason to a URL with 1207 characters not work and a URL with 1079 characters work?

Please see in attach the Service.oml module that simulates this situation.

I'm using Outsystems Service Studio 11.6.6 (build 4872) and Platform version is 11.0.424.0 .


How can I fix this?


Thanks in advance.

Mauro Machado

The reason is that IIS does indeed limit the size of the URLs in the requests, and returns a 404 error to the client if the URL exceeds this size. The maximum size IIS allows is 2048 bytes, but lower values can be configured, and I guess this is what OutSystems does.

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/

A workaround for this is to use post requests, which will move the parameters from the URL to the header, but note that even then IIS still limits to the header size to 16384 bytes, and will also return a 404 error to the client if you exceed this limit. Also, as for URLs, the maximum header size can be configured to less than the IIS limit.