Develop Reference

How to allow LINK and UNLINK on IIS 10

I'm exploring HTTP verbs like LINK and UNLINK. There is a simple website on IIS 10 for this purpose but looks like it doesn't allow these methods by default. I added a couple of rules in Request Filtering for verbs and still getting 405 error.
UPD
web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<trace enabled="true" writeToDiagnosticsTrace="true" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<verbs>
<add verb="LINK" allowed="true" />
<add verb="UNLINK" allowed="true" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
</configuration>

web.config to allow urls ending with .config

I have REST url which is like '/api/abc/xyz/pqr.Config'. This is invalid URL as ASP.NET considers this as possible security breach. I used 'alwaysAllowedUrls' tag in web.config but there can be 100's of such kind of URL. So is there a way I can specify RegEx which will allow URLs matching that RegEx. This is not available in 'alwaysAllowedUrls'.

Add this code to your <system.webServer> of web.config, this is dynamic path, every where which you have pqr.config file this can be shown to everyone.
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
<add fileExtension=".config" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
<staticContent>
<mimeMap fileExtension="/api/abc/xyz/*.*.config" mimeType="text/xml" />
</staticContent>

allow azure asp.net website to serve x3d files

I want to serve x3d files by my azure asp.net website. I tried in web.config:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions applyToWebDAV="false">
<add fileExtension=".x3d" allowed="true" />
<add fileExtension=".bin" allowed="true" />
</fileExtensions>
<requestLimits maxAllowedContentLength="1048576000" />
</requestFiltering>
</security>
</system.webServer>
What is wrong?

You need to edit the web.config and add those file extensions as mime types.
Please see the following artcile: http://blogs.iis.net/richma/adding-mime-types-to-your-windows-azure-web-site
The following example is for .woff font files:
Add the following to the section of your web.Config.
<staticContent>
<mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
</staticContent>
Note : If the element already exists you just need to add the element to this section for the type you want to add

How to properly disable HTTP verbs?

We've added the following to our Web.config:
<system.webServer>
<security>
<requestFiltering>
<verbs allowUnlisted="false">
<clear/>
<add verb="GET" allowed="true"/>
<add verb="POST" allowed="true"/>
</verbs>
</requestFiltering>
</security>
</system.webServer>
When we do an Invoke-WebRequest with PowerShell for other verbs than GET and POST we get the message:
The remote server returned an error: (404) Not Found.
Does this mean the verb is disabled? Or is there a better way?

IIS7 - The request filtering module is configured to deny a request that exceeds the request content length

I want to upload images, it works fine on my machine but when I put my website on IIS7 server for public I can't upload anything.
Error
The request filtering module is configured to deny a request that
exceeds the request content length.
Most likely causes
Request filtering is configured on the Web server to deny the request
because the content length exceeds the configured value.
Things you can try
Verify the configuration/system.webServer/security/requestFiltering/requestLimits#maxAllowedContentLength
setting in the applicationhost.config or web.config file.
system.webServer in Web.config
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" />
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1048576" />
</requestFiltering>
</security>
</system.webServer>
As you can see I set my maxAllowedContentLength to 1gb. Restarted my website and still getting this error. I made an /uploads/ folder on my file system where it suppose to be as well. Have no idea what causes this error and why I can't upload images.

<configuration>
<system.web>
<httpRuntime maxRequestLength="1048576" />
</system.web>
</configuration>
From here.
For IIS7 and above, you also need to add the lines below:
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>

The following example Web.config file will configure IIS to deny access for HTTP requests where the length of the "Content-type" header is greater than 100 bytes.
<configuration>
<system.webServer>
<security>
<requestFiltering>
<requestLimits>
<headerLimits>
<add header="Content-type" sizeLimit="100" />
</headerLimits>
</requestLimits>
</requestFiltering>
</security>
</system.webServer>
</configuration>
Source: http://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits

I had similar issue, I resolved by changing the requestlimits maxAllowedContentLength ="40000000" section of applicationhost.config file, located in "C:\Windows\System32\inetsrv\config" directory
Look for security Section and add the sectionGroup.
<sectionGroup name="requestfiltering">
<section name="requestlimits" maxAllowedContentLength ="40000000" />
</sectionGroup>
*NOTE delete;
<section name="requestfiltering" overrideModeDefault="Deny" />