Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 404.14 – URL_TOO_LONG"


Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

Symptoms


You have a Web site that is hosted on Internet Information Services (IIS) 7.0. When you visit the Web site, you may receive an error message that resembles the following:
Server Error
--------------------------------------------------------------------------------
HTTP Error 404.14 – URL_TOO_LONG
HRESULT: 0
Description of HRESULT

# The operation completed successfully.

Cause


This issue occurs because the length of the Web site's URL exceeds the value of the maxUrl property of the requestLimits XML element.

Resolution


Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To resolve this issue, follow these steps:
  1. Open the ApplicationHost.config file. The ApplicationHost.config file is in the following folder:
    %SystemRoot%\system32\inetsrv\config
  2. Locate the requestFiltering XML element.
  3. Under the requestFiltering XML element, locate the requestLimits XML element.
  4. Change the value of the maxUrl property to a value that is larger than the length of the Web site's URL.

    Note By default, the value of the maxUrl property is 4,096.
The length of a requested URL is limited for security reasons. When you increase the limit on the length of a requested URL, you may reduce the security level of the server that is running IIS.