IIS

Solved: HTTP status 413 (Request Entity Too Large)

Many web applications have pages for users to upload files. Whether or not it’s a PDF document or image file, IIS has a limit for the size of the content users can upload. If the file size exceeds this limit, the application throws “Error in HTTP request, received HTTP status 413 (Request Entity Too Large)” error.

The default upload size in IIS is 49 KB (49152 bytes). The application logs the error message below if user tries to upload a file that is bigger than the default upload size.

Error in HTTP request, received HTTP status 413 (Request Entity Too Large)

413 Request Entity Too Large error

You may ask why this issue occurs for sites protected by SSL. It is because the request body must be preloaded during the SSL handshake process.

HTTP/2 SETTINGS frame bug and related registry keys

HTTP/2 protocol improves the performance and security of today’s digital world. It consists of several frames to carry requests between clients and servers. One of these frames is SETTINGS frame which may be used by attackers to increase CPU usage to 100% in IIS and eventually make the server unresponsive (Denial of Service – DoS).

In this post, we will discuss the root cause and the solution for this bug.

What is HTTP/2 SETTINGS frame?

It is part of the HTTP/2 request which contains 6 parameters to manage communication between peers. Here is how IETF HTTP Working Group explains the usage of this frame:

The SETTINGS frame (type=0x4) conveys configuration parameters that affect how endpoints communicate, such as preferences and constraints on peer behavior. The SETTINGS frame is also used to acknowledge the receipt of those parameters.

SETTINGS in Hypertext Transfer Protocol Version 2 (HTTP/2)
HTTP/2 SETTINGS frame
HTTP/2 SETTINGS frame (Source: IETF HTTP Working Group)

IIS logs 500.19 if a client drops connection while loading the website

HTTP status and sub-status codes provide valuable information about the issues users come across. One of the code pairs is 500.19 which means “Configuration data is invalid“. However, IIS may show this pair incorrectly if a user drops connection before the browser loads the website completely.

The error message from the Failed Request Tracing log is below. Please note that this error appears during the execution of the Dynamic Compression module.

HttpStatus: 500

HttpReason: Internal Server Error

HttpSubStatus: 19

ErrorCode: An operation was attempted on a non existent network connection (0x800704cd)

What happens when a client drops connection
Error log when the client drops connection

Fixed ERROR_INTERNET_SEC_CERT_REVOKED

Users and servers communicate via unencrypted messages unless the website owners use SSL certificates. A valid SSL certificate ensures that communication is secure. Therefore, someone who intercepts packages in the network cannot read the data. Certificates are useful and easy to configure most of the time. However, in some cases, the connection may become unprotected and you may see the error message ERROR_INTERNET_SEC_CERT_REVOKED or ERR_CERT_REVOKED.

I came across “certificate has been revoked” message in a website hosted at GoDaddy. Everything was fine and SSL certificate was valid. One day, I visited the site and saw this annoying warning page in Chrome and Edge.

ERROR_INTERNET_SEC_CERT_REVOKED in Microsoft Edge

Here is the full error message Microsoft Edge browser displays when the website has a revoked certificate:

This site is not secure

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

This website’s security certificate has been revoked, so you can’t go there at this time.

Error Code: ERROR_INTERNET_SEC_CERT_REVOKED


ERROR_INTERNET_SEC_CERT_REVOKED error in Edge