My web api was working in several IISs and when moved to Azure VM, it gives net:: ERR_CONNECTION_RESET when calling only from ajax client but works proper when using POSTMAN.
When hitting from ajax html client it says net:: ERR_CONNECTION_RESET in OPTIONS request. Thought that it didnt reach the server but when referring http error file in
C:\Windows\System32\LogFiles\HTTPERR
It shows
2017-07-20 12:54:06 210.18.173.26 54141 10.0.1.4 80 HTTP/1.1 OPTIONS /api/User/Method1 - 1 Request_Cancelled myappapipool
In web.config
<add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Content-Type" /> <add name="Access-Control-Allow-Credentials" value="true" /> <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" /> I have tried adding timeout in web.config, it is not solving. Also tried changing the web config "Access-Control-Allow-Headers" value to "*", it gave preflight request error.
Since the same server and ajax client communication is working in other iis, i suspect there is something fishy which i missing while configuring my web api in IIS which is located in Azure VM. When calling from POSTMAN or android client it is working like a charm with the existing configuration in IIS.
Any help/suggestion is much appreciated.
4 Answers
Answers 1
Request_Cancelled Coming in HTTPErr log is caused by the DynamicIPRestrictions Module mitigating against DDOS attacks.
if you setup Dynamic IP Restrictions with "Deny Action Type" set to "Abort Request", the requests will be aborted and logged as "Request_Cancelled" in the HTTPErr log
By default Dynamic IP Address Restrictions may abort the request if more than 5 concurrent requests come(check what is the configured setting in your server.) And that may be reason why it works for one server and does not work in Azure environment.More details can be found on Security guidelines to detect and prevent DOS attacks targeting IIS/Azure Web Role (PAAS)
Answers 2
What kind of error in browser's console do you see? Have a look on request/response header values IN the browser. Sometimes the configuration is not applied correctly and/or browser expects other headers. Sometimes, Allow-Headers param is too restrictive, try to play with that.
Also, is it reproducible on all browsers?
Answers 3
This is my web config configuration, working for both postman and chrome, you can give it a try:
<system.web> <compilation debug="true" targetFramework="4.5.2" /> <httpRuntime targetFramework="4.5.2" /> <httpModules> <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" /> </httpModules> </system.web> <system.webServer> <handlers> <remove name="WebDAV" /> <remove name="ExtensionlessUrlHandler-Integrated-4.0" /> <remove name="OPTIONSVerbHandler" /> <remove name="TRACEVerbHandler" /> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /> </handlers> <validation validateIntegratedModeConfiguration="false" /> <modules runAllManagedModulesForAllRequests="true"> <remove name="WebDAVModule" /> <remove name="ApplicationInsightsWebTracking" /> <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" /> </modules> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Content-Type" /> <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" /> </customHeaders> </httpProtocol> </system.webServer> Hope it helps !
Answers 4
You will get this issue due to several reasons. But in this case, I assume that you have install WebDAV and sometimes it make conflict with other modules. So, you better to try to remove that extension first.
0 comments:
Post a Comment