Web Application Proxy, long URLs and the 400 error code

By | March 22, 2016

The other day one of my customers was testing remote access to a web application via the Web Application Proxy (WAP). Everything seemed to working except some reports. These generated “HTTP Error 400. The request URL is invalid”. Given that the reports worked well inside the corporate network it pointed to an issue with the WAP.

Further investigation revealed that the requested URL for that generated the error was unusually long (approximately 500 characters).

The WAP uses HTTP.sys under the hood. HTTP.sys is a kernel-mode device driver that first drew breath in IIS 6.0 (shipped with the now unsupported Windows Server 2003).

As it turns out HTTP.sys imposes a 260 character limit on URLs. Fortunately, this limit is configurable by modifying the registry, as described in the following KB article:

https://support.microsoft.com/en-us/kb/820129

The steps to increase the limit are:

  1. 1. Create a UrlSegmentMaxLength DWORD value under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters and set it to 600 (decimal)
  2. 2. Reboot the WAP server.

This resolved the issue for my customer. I hope it helps you too!

 

3 thoughts on “Web Application Proxy, long URLs and the 400 error code

  1. Jeoffrey

    We had the same issue on our end.. Error 400 on certain requests. First I installed the KB3042127 hotfix you also mentioned in another article however this didn’t work. Then I figured it may be related to the long URL’s and I found this article.

    The Registry key fixed our problems with Atlassian Jira not working correctly through the Web Application Proxy. Many thanks!

    Reply
  2. Daniel

    Thanks! We had the exact same problem with Jira as well. The customer portal wouldn’t load when going through the Web Application Proxy due to the long URLs. This fixed it right up!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.