471
Views
7
Comments
URL length with query string parameters
Question

Hello,

I'm trying to make a request (GET) to a page and receive the status Error 404 - File or directory not found.

The URL (example) used has 1207 characters, which for the URL length of a GET request I think be within the limits:

https://mmachado.outsystemscloud.com/Service/SLO.aspx?SAMLRequest=nVNrb5swFP2%2BX4H8dSK8H7ECFSmNRqHNmlezfKkMdoJbAgQbSvLrR5Jl61qpmiZLV%2FLVvefcc3w9uGq3mdCQitEid4DSk4FA8qTANN84YD4biTa4cr8MGNpmagmjYlPUfEJ2NWFc8LtAc8RPrSnnJYOShEnTS2iHQZFIca%2Fk0vX5FvjSNBpPSdXQhPQQK1sgBL4DnvoyXiNL04msaUTRDcWIiaoTSzNlndg66soYq0mQM45y7gBVVvqiooiyOVMsqPWhYvdMw1wBYXHRoR51dMpyBs%2BTO6CuclggRhnM0ZYwyBM49e4i2JXCsip4kRQZcM9C4YmweovwOQBijFRHH4B78SErNjQXP7pBcSmxlMZxkRGeDqS3hBf6%2B44g8IVRUW0R%2F5z5mKFYXJ9KIa9Qzjo6DoQjxkONMrqmpPrzPP82FhCm398BfGgB%2F2WP5%2BHD6vF%2Bv1o%2BtNuw3aVZFO9X6vXc83fxTtLCrL05TG7VWXjnP77Sw4sRkklD1eVSGbGl32QbPk6GlTd%2BtvhXq%2F4x0tfR4pAOk5sUB3Nqkhdl0Ug3REKLbmOS5733rZrb%2FnAUhWRe3xrhq%2BNcTD%2Fb7F6We0rYcXuCHJPWfdJVwzaJrlrrxLBtxcCmrJkKTkzcHcOOf4G8a%2Fud%2FeunuD8B&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nCIcLvESHO79m0fDnwa3UYP9Q8mK5EbRx6xe%2BgWyfCiHAc7yVL2moJnMj6uqnuz9QZkGyBZq2u%2FKBblafXn%2BSLzYIPptKo5Iy0Q3cyFSIdsKIXm4quys3Mc9zwCD5dGxfugLyS5fVdDrqfQ%2BBCnBB8Olf4Oc1H3XDhmqXcrpkdep%2FUiqFPNck4PU2gkUeqaZBIqybE9%2B9ogTHaQGyIsgQKvMgB8P8TySycOjj2xb2K3AiXBJWOBY%2BaPeU1YbxfChvBjy3%2FXNRiLdNMtdkmqZag2hyYJGhAs0cyl2n2s%2B78IpXDKCEu%2Bgbuhu4tC8eZdBfAxrI9c0uDCxvY0jsYjP0w%3D%3D


However (only for testing) if I cut the length of this URL to 1079 characters I can already access the page:

https://mmachado.outsystemscloud.com/Service/SLO.aspx?SAMLRequest=nVNrb5swFP2%2BX4H8dSK8H7ECFSmNRqHNmlezfKkMdoJbAgQbSvLrR5Jl61qpmiZLV%2FLVvefcc3w9uGq3mdCQitEid4DSk4FA8qTANN84YD4biTa4cr8MGNpmagmjYlPUfEJ2NWFc8LtAc8RPrSnnJYOShEnTS2iHQZFIca%2Fk0vX5FvjSNBpPSdXQhPQQK1sgBL4DnvoyXiNL04msaUTRDcWIiaoTSzNlndg66soYq0mQM45y7gBVVvqiooiyOVMsqPWhYvdMw1wBYXHRoR51dMpyBs%2BTO6CuclggRhnM0ZYwyBM49e4i2JXCsip4kRQZcM9C4YmweovwOQBijFRHH4B78SErNjQXP7pBcSmxlMZxkRGeDqS3hBf6%2B44g8IVRUW0R%2F5z5mKFYXJ9KIa9Qzjo6DoQjxkONMrqmpPrzPP82FhCm398BfGgB%2F2WP5%2BHD6vF%2Bv1o%2BtNuw3aVZFO9X6vXc83fxTtLCrL05TG7VWXjnP77Sw4sRkklD1eVSGbGl32QbPk6GlTd%2BtvhXq%2F4x0tfR4pAOk5sUB3Nqkhdl0Ug3REKLbmOS5733rZrb%2FnAUhWRe3xrhq%2BNcTD%2Fb7F6We0rYcXuCHJPWfdJVwzaJrlrrxLBtxcCmrJkKTkzcHcOOf4G8a%2Fud%2FeunuD8B&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nCIcLvESHO79m0fDnwa3UYP9Q8mK5EbRx6xe%2BgWyfCiHAc7yVL2moJnMj6uqnuz9QZkGyBZq2u%2FKBblafXn%2BSLzYIPptKo5Iy0Q3cyFSIdsKIXm4quys3Mc9zwCD5dGxfugLyS5fVdDrqfQ%2BBCnBB8Olf4Oc1H3XDhmqXcrpkdep%2FUiqFPNck4PU2gkUeqaZBIqybE9%2B9ogTHaQGyIsgQKvMgB8P8TySycOj


What is the reason to a URL with 1207 characters not work and a URL with 1079 characters work?

Please see in attach the Service.oml module that simulates this situation.

I'm using Outsystems Service Studio 11.6.6 (build 4872) and Platform version is 11.0.424.0 .


How can I fix this?


Thanks in advance.

Mauro Machado

Service.oml

The reason is that IIS does indeed limit the size of the URLs in the requests, and returns a 404 error to the client if the URL exceeds this size. The maximum size IIS allows is 2048 bytes, but lower values can be configured, and I guess this is what OutSystems does.

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/

A workaround for this is to use post requests, which will move the parameters from the URL to the header, but note that even then IIS still limits to the header size to 16384 bytes, and will also return a 404 error to the client if you exceed this limit. Also, as for URLs, the maximum header size can be configured to less than the IIS limit.

Rank: #923

Hi all,

May I know how to configure the [IDP] forge or ADFS to send SAMLRepsonse by POST method?

Thank in advance.



Staff
Rank: #67

In order to increase the max query string in Outsystems, you can use the Factory Configuration component to create a shared configuration and apply it to the module that has the screen that needed to receive the larger URL.

You can find below the shared configuration template:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" 
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
    <xsl:template match="@*|node()">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
        </xsl:copy>
    </xsl:template>
    <xsl:template match="/configuration/system.webServer/security/requestFiltering">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
            <requestLimits maxUrl="3000" maxQueryString="3000"/>
        </xsl:copy>
    </xsl:template>
</xsl:stylesheet>

On the example, I'm using 3000 chars for the maxURL and 3000 for the QueryString. Feel free to adjust as per your requirements.

Regards,

Rank: #504

Mauro Machado wrote:

Hello,

I'm trying to make a request (GET) to a page and receive the status Error 404 - File or directory not found.

The URL (example) used has 1207 characters, which for the URL length of a GET request I think be within the limits:

https://mmachado.outsystemscloud.com/Service/SLO.aspx?SAMLRequest=nVNrb5swFP2%2BX4H8dSK8H7ECFSmNRqHNmlezfKkMdoJbAgQbSvLrR5Jl61qpmiZLV%2FLVvefcc3w9uGq3mdCQitEid4DSk4FA8qTANN84YD4biTa4cr8MGNpmagmjYlPUfEJ2NWFc8LtAc8RPrSnnJYOShEnTS2iHQZFIca%2Fk0vX5FvjSNBpPSdXQhPQQK1sgBL4DnvoyXiNL04msaUTRDcWIiaoTSzNlndg66soYq0mQM45y7gBVVvqiooiyOVMsqPWhYvdMw1wBYXHRoR51dMpyBs%2BTO6CuclggRhnM0ZYwyBM49e4i2JXCsip4kRQZcM9C4YmweovwOQBijFRHH4B78SErNjQXP7pBcSmxlMZxkRGeDqS3hBf6%2B44g8IVRUW0R%2F5z5mKFYXJ9KIa9Qzjo6DoQjxkONMrqmpPrzPP82FhCm398BfGgB%2F2WP5%2BHD6vF%2Bv1o%2BtNuw3aVZFO9X6vXc83fxTtLCrL05TG7VWXjnP77Sw4sRkklD1eVSGbGl32QbPk6GlTd%2BtvhXq%2F4x0tfR4pAOk5sUB3Nqkhdl0Ug3REKLbmOS5733rZrb%2FnAUhWRe3xrhq%2BNcTD%2Fb7F6We0rYcXuCHJPWfdJVwzaJrlrrxLBtxcCmrJkKTkzcHcOOf4G8a%2Fud%2FeunuD8B&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nCIcLvESHO79m0fDnwa3UYP9Q8mK5EbRx6xe%2BgWyfCiHAc7yVL2moJnMj6uqnuz9QZkGyBZq2u%2FKBblafXn%2BSLzYIPptKo5Iy0Q3cyFSIdsKIXm4quys3Mc9zwCD5dGxfugLyS5fVdDrqfQ%2BBCnBB8Olf4Oc1H3XDhmqXcrpkdep%2FUiqFPNck4PU2gkUeqaZBIqybE9%2B9ogTHaQGyIsgQKvMgB8P8TySycOjj2xb2K3AiXBJWOBY%2BaPeU1YbxfChvBjy3%2FXNRiLdNMtdkmqZag2hyYJGhAs0cyl2n2s%2B78IpXDKCEu%2Bgbuhu4tC8eZdBfAxrI9c0uDCxvY0jsYjP0w%3D%3D


However (only for testing) if I cut the length of this URL to 1079 characters I can already access the page:

https://mmachado.outsystemscloud.com/Service/SLO.aspx?SAMLRequest=nVNrb5swFP2%2BX4H8dSK8H7ECFSmNRqHNmlezfKkMdoJbAgQbSvLrR5Jl61qpmiZLV%2FLVvefcc3w9uGq3mdCQitEid4DSk4FA8qTANN84YD4biTa4cr8MGNpmagmjYlPUfEJ2NWFc8LtAc8RPrSnnJYOShEnTS2iHQZFIca%2Fk0vX5FvjSNBpPSdXQhPQQK1sgBL4DnvoyXiNL04msaUTRDcWIiaoTSzNlndg66soYq0mQM45y7gBVVvqiooiyOVMsqPWhYvdMw1wBYXHRoR51dMpyBs%2BTO6CuclggRhnM0ZYwyBM49e4i2JXCsip4kRQZcM9C4YmweovwOQBijFRHH4B78SErNjQXP7pBcSmxlMZxkRGeDqS3hBf6%2B44g8IVRUW0R%2F5z5mKFYXJ9KIa9Qzjo6DoQjxkONMrqmpPrzPP82FhCm398BfGgB%2F2WP5%2BHD6vF%2Bv1o%2BtNuw3aVZFO9X6vXc83fxTtLCrL05TG7VWXjnP77Sw4sRkklD1eVSGbGl32QbPk6GlTd%2BtvhXq%2F4x0tfR4pAOk5sUB3Nqkhdl0Ug3REKLbmOS5733rZrb%2FnAUhWRe3xrhq%2BNcTD%2Fb7F6We0rYcXuCHJPWfdJVwzaJrlrrxLBtxcCmrJkKTkzcHcOOf4G8a%2Fud%2FeunuD8B&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nCIcLvESHO79m0fDnwa3UYP9Q8mK5EbRx6xe%2BgWyfCiHAc7yVL2moJnMj6uqnuz9QZkGyBZq2u%2FKBblafXn%2BSLzYIPptKo5Iy0Q3cyFSIdsKIXm4quys3Mc9zwCD5dGxfugLyS5fVdDrqfQ%2BBCnBB8Olf4Oc1H3XDhmqXcrpkdep%2FUiqFPNck4PU2gkUeqaZBIqybE9%2B9ogTHaQGyIsgQKvMgB8P8TySycOj


What is the reason to a URL with 1207 characters not work and a URL with 1079 characters work?

Please see in attach the Service.oml module that simulates this situation.

I'm using Outsystems Service Studio 11.6.6 (build 4872) and Platform version is 11.0.424.0 .


How can I fix this?


Thanks in advance.

Mauro Machado

It is absolutely the configuration of server, there are some ways to fix it

  1. increase the request length in configuration on server. but if your data is larger, u will get the same error
  2. try to use POST and specify data in body
  3. can make a weird GET api which accept header, url and body

If I was in this case, I will choose option 2, it makes 

  • my url clean and keep user away from nonsense data on the address bar
  • I can stay safe from the data length


Rank: #923

I also want to use POST method. However, I don't how to configure ADFS to response logout in POST method.

Any ideas?

In our case, we were getting error in maxQueryStringLength parameter.

"The length of the query string for this request exceeds the configured maxQueryStringLength value"

So we had to change the httpruntime settings in shared configuration under Factory Configuration.

<xsl:template match="/configuration/system.web/httpRuntime">
<xsl:copy>
<xsl:attribute name="maxQueryStringLength">REPLACE_WITH_VALUE_HERE</xsl:attribute>
<xsl:attribute name="maxUrlLength">REPLACE_WITH_VALUE_HERE</xsl:attribute>
</xsl:copy>
</xsl:template>

Rank: #923

Thank for your information.

It's solved