

The variable requestlimits.maxallowedcontentlength: unit specifies the maximum length of content.įor example, to specify 30000000 as the maximum length of content, type the following at the command prompt, and then press ENTER:Īppcmd set config /section:requestfiltering /requestlimits.maxallowedcontentlength:30000000 Configure the maximum allowed URL length To configure a value for the maximum allowed length of content, use the following syntax:Īppcmd set config /section:requestfiltering /requestlimits.maxallowedcontentlength: unit To configure double escaping, use the following syntax:Īppcmd set config /section:requestfiltering /allowdoubleescaping: true | falseįor example, to enable double escaping, type the following at the command prompt, and then press ENTER:Īppcmd set config /section:requestfiltering /allowdoubleescaping:true Configure the maximum allowed content length To configure high-bit characters, use the following syntax:Īppcmd set config /section:requestfiltering /allowhighbitcharacters: true | falseįor example, to allow high-bit characters, type the following at the command prompt, and then press ENTER:Īppcmd set config /section:requestfiltering /allowhighbitcharacters:true Configure double escaping To configure general request-filter options by using the command line Configure high-bit characters In the Edit Request Filtering Settings dialog, edit the settings as desired, and then click OK.In the Actions pane, click Edit Feature Settings.In Features View, double-click Request Filtering.Open IIS Manager and select the level for which you want to configure request filter.To configure general request-filter options by using the UI Maximum length of the content requested.

Whether to allow requests that are double encoded.Whether to allow requests that contain high-bit characters (non-ASCII).Whether to allow requests that use HTTP verbs that are not listed.Whether to allow access to a file with an extension that is not listed for request filter.The general settings include such settings as the following: To get the most from this tutorial, you must have access to a computer that is running one of the following operating systems: You can configure a request filter at the server-wide level and then override the configuration at a website level. It also rejects requests for some file name extensions.

#Mac file extensions hidden by default code#
The request filter module scans incoming requests and rejects requests that are unwanted based upon the rules that you set up.īy default, IIS rejects requests to browse critical code segments. By blocking specific HTTP requests, request filters help prevent potentially harmful requests from reaching the server. Request filters restrict the types of HTTP requests that IIS 8 processes.
#Mac file extensions hidden by default how to#
This document shows you how to use common request-filter settings to improve the security of your IIS 8 web server.
