IIS cached files never replaced - caching

Perhaps I'm missing something by not wording my Google searches correctly, but I've run into an issue with IIS 8.5 and caching. I have a server set up that by all standards should be serving only static files. Obviously, when a file is changed, the new file should be served up. The issue is that even after a server restart, setting files to immediately expire, didsabling caching, disabling compression, and turning off any other caching feature, the old file with its old timestamp is still being served.
I have the following settings:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering allowHighBitCharacters="false">
<verbs allowUnlisted="false">
<add verb="GET" allowed="true" />
</verbs>
</requestFiltering>
</security>
<caching enabled="false" enableKernelCache="false" />
<urlCompression doStaticCompression="false" />
</system.webServer>
<location path="" overrideMode="Deny">
<system.webServer>
</system.webServer>
</location>
<location path="" overrideMode="Allow">
<system.webServer>
</system.webServer>
</location>
</configuration>
The folder in which the files are located has read only permissions. The interesing fact is that if I go to mydomain.com, the old version shows up, but going to newmydomain.com loads the new file (even though they both point to the same IP address).

An HTTP client can use the old version of a file if the cache control header(s) sent with the response indicated that the content would not change for a given period of time. It does not matter if the content changed on the server or not.
For example, if the file is sent with the header:
Cache-Control: Max-age=86400
then for 24 hours the client can use the file without contacting the server. If the file changes on the server, the client won't know that the file changed because it won't even make a request to the server.
You can add the must-revalidate cache control attribute to force the client to always make a server request.

As noted in my reply to storsoc, our issue was that our load balancer, an F5 server, was trying offload as much as possible from our web servers by caching our site. See K13255: Displaying and deleting HTTP cache entries from the command line (11.x and later) for how to forcefully remove cached entries.

Related

.Net Core 2.1 Error 413 on multipart/form-data POST only on IIS not IIS Express

I'm hitting a problem with multipart/form-data POST uploads on IIS. My client is an Angular SPA and my backend is on .Net Core 2.1 (I know it's old).
The backend project is published as Self-Contained win-x64. I'm not sure how it's configured exactly on IIS / Kestrel but the IIS App runs under a specific Application Pool (No managed Code / Integrated). My web.config looks like this:
<configuration>
<location path="." inheritInChildApplications="false">
<system.web>
<httpRuntime maxRequestLength="1048576" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\my.app.exe" stdoutLogEnabled="false" stdoutLogFile=".\log\path" />
</system.webServer>
</location>
</configuration>
In my development environment instead I'm using IIS Expres.
Now I added a multipart/form-data upload, sending form data together with a blob/image. This worked out of the box in development settings. However when I publish to staging environment with real IIS and the above web.config, I always get 413 Request entity too large.
My controller looks like this:
[HttpPost]
[DisableRequestSizeLimit]
[RequestFormLimits(MultipartBodyLengthLimit = int.MaxValue, ValueLengthLimit = int.MaxValue)]
[RequestSizeLimit(int.MaxValue)]
[Route("my/route")]
public ActionResult MyHandler()
I also added limits for Kestrel in Program.cs:
.UseKestrel(options =>
{
options.Limits.MaxRequestBodySize = 104857600; // 100MB
}
)
And to make the weirdness complete the 413 in staging environment only happens in Firefox. I have no idea what else I can do. I also cleared cache in firefox.
After longer search I finally found the necessary setting in IIS to make this work in Firefox. And it has indeed be mentioned in a few sources as the 'last option'. For me it was necessary in this case.
In 'IIS Manager' I selected the backend application and opened 'Configuration Editor'
system.webServer/serverRuntime -> uploadReadAheadSize=2147483647
That maked it work.

IIS Bad Request for the site configured with url-rewrite with ARR

I have website created under IIS 8.0 in Windows 2012. An URL rewrite with ARR has created under this site which points to a linux machine (Basically to a webservice deployed in Tomcat) and through IIS there will be "GET" request where the URL is exceeding more than 5000 characters along with query string. When the URL is hit through program or in browser, I see IIS throws "Bad Request" with Status code as 400 and no Substatus code. The same works when it is directly hit to the webservice (for tomcat Linux). I suspected the issue is because of the excess characters in the url, because when I try decreasing the url length to 3500 characters which works without any error. Below are the configuration and settings that I have tried in IIS web.config and as well as http.sys registry, but nothing seems to be work.
<configuration>
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true">
<requestLimits maxAllowedContentLength="4294967295" maxUrl="10999" maxQueryString="2097151">
<headerLimits>
<add header="Content-Type" sizeLimit="100000000" />
</headerLimits>
</requestLimits>
</requestFiltering>
</security>
<urlCompression doDynamicCompression="false" />
</system.webServer>
<system.web>
<httpRuntime maxRequestLength="8192" maxUrlLength="8192" maxQueryStringLength="8192" requestPathInvalidCharacters="" />
</system.web>
</configuration>
http.sys Registry Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength - DWORD - 65534
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\MaxRequestBytes - DWORD - 16777216
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxCount - DWORD - 16383
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxLength - DWORD - 32766
I have rebooted the Windows server after every above settings and configurations was done.
These settings and configuration are honored by IIS without url rewrite. If I try other url with length of 5000 characters for the same website its works without any error. This is appearing only for the url that has fallen under URL rewrite config. Is there any specific configurations that need to be done with respect to URL length in ARR apart from the above mentioned? Please suggest and help.
Thanks in Advance.
Answering to my question.
The issue was on the Linux Tomcat side not on IIS, the catalina.out logs was stated as below
INFO: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Request header is too large
I added the configuration of maxHttpHeaderSize="65536" in server.xml of tomcat/conf. After modifying this, the issue was resolved.

How to allow a DELETE method with IIS Express and Web API?

I am trying to send a delete request to my Web API service via Fiddler and am getting back a 405 "Method not allowed" error.
I have read extensively about removing the "WebDAV" module in web.config and similar suggestions (WebDAV is not enabled in my applicationhost.config anyway), but nothing I have tried has worked.
My service is currently running on IIS Express 10 (launching from Visual Studio). I do have this in my web.config file:
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0"/>
I would have thought the verb="*" piece would have allowed DELETE, but it does not seem to work.
One other note - when I inspect the response in Fiddler, under the Security heading it says: Allow: GET, POST.
I am not sure where that "Allow" parameter is being set (I am new to Web API).
Any help would be greatly appreciated. Please let me know what other information you need from me and I will add it.
Thank you!
Just reproduced this by creating a new webapi project [targeting .net framework 4.7.1]
Through Fiddler, I can hit the DELETE endpoint without any changes to web.config.
Please make sure to use correct endpoint including the id parameter.
e.g http:localhost:xxxx/api/values/id // please include the id and xxxx is port number.
If http:localhost:xxxx/api/values is used without id , I get the same result 405 Method Not Allowed
Hope this helps.
You can modify the IIS Express applicationHost.config in the %userprofile%\documents\IISExpress\config folder.  To enable PUT and DELETE for extensionless Urls scroll down to the bottom of the IIS Express applicationHost.config file and look for a handler entry that starts with: <add name="ExtensionlessUrl-Integrated-4.0".... In the "verb" attribute add PUT and DELETE so the "verb" attribute looks like:  verb="GET,HEAD,POST,DEBUG,PUT,DELETE"
Update your web config like this
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/> <!-- ADD THIS -->
</modules>

Getting No 'Access-Control-Allow-Origin' when sending large JSON via AJAX

I'm working on a web page that calls a REST webservice via ajax to get and insert data.
The problem is that we need to send a base64 image in a JSON. You know, the base64 image is the imaged converted to that large text: base64/fjhd7879djkdadys7d9adsdkjasjdshk...
When we try with a 1 KB image, it works.
But with a bigger file(55kb), it doesn't.
So I assume it has something to do with the maxRequest, but the error says that is No 'Access-Control-Allow-Origin'. But we havent fount any way to configure it. Please help.
By default browsers block json requests from other domains other than the page unless the json request has the Access-Control-Allow-Origin header, so you'll need to add that header to your json requests on that service or use the same domain for both.
More info here: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
You can try setting the maxJsonLength to it's maximum value in the web.config file.
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="2147483647"/>
</webServices>
</scripting>
</system.web.extensions>
I know this is an old post, but for anyone who still might be having this problem, I solved it by adding two settings to Web.config as described here: https://west-wind.com/webconnection/docs/_4lp0zgm9d.htm
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483647"></requestLimits>
</requestFiltering>
</security>
<!--snip-->
</system.webServer>
and
<system.web>
<httpRuntime maxRequestLength="2147483647" />
<!--snip-->
</system.web>

JQuery Ajax File Upload Fail on Large Files

I currently have a ASP.Net MVC web application that needs to upload large files using ajax. I am currently using this jQuery plugin - http://valums.com/ajax-upload/. I have also used this plugin - http://jquery.malsup.com but get the same result.
The issue that I am having for large file is that the iframe that gets generated to in order for the request to be asynchronous is not loading in time.
It always seems to point to this code:
var doc = iframe.contentDocument ? iframe.contentDocument : iframe.contentWindow.document, response;
For smaller files the script works great but for larger files the iframe nevers seems to get initialized properly.
This has been driving me crazy. Can someone please HELP.
thanks in advance
You might need to increase the maximum allowed request size on the server as well as the execution timeout of the request using the <httpRuntime> section in your web.config
<system.web>
<httpRuntime
maxRequestLength="size in kbytes"
executionTimeout="seconds"
/>
...
</system.web>
And if you are deploying your application in IIS 7.0+ you might also need to increase the maximum allowed request size using the <requestLimits> node of the <system.webServer> section:
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="size in bytes" />
</requestFiltering>
</security>
...
</system.webServer>

Resources