All geek questions in one place

My web api gives net :: ERR_CONNECTION_RESET error only from ajax client

My web api worked in several IIS, and when I switched to Azure VM, it gives net :: ERR_CONNECTION_RESET when called only from the ajax client, but it works correctly when using POSTMAN.

When hitting from the ajax hjml client, the OPTIONS message indicates net :: ERR_CONNECTION_RESET. I thought that he did not reach the server, but when accessing http the error file in

C: \ Windows \ System32 \ LogFiles \ HTTPERR

He shows

2017-07-20 12:54:06 210.18.173.26 54141 10.0.1.4 80 HTTP / 1.1 OPTIONS / api / User / Method1 - 1 Request_Cancelled myappapipool

In web.config

<add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Content-Type" /> <add name="Access-Control-Allow-Credentials" value="true" /> <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" />

I tried adding a timeout to web.config, it does not solve. Also tried to change the value of "Access-Control-Allow-Headers" in the web configuration "*", this gave a request error before the flight.

Since the same interaction with the server and the ajax client works in other iis, I suspect there is something suspicious that I lose when setting up my web api in IIS, which is located in Azure VM. When called from a POSTMAN or Android client, it works like a charm with an existing configuration in IIS.

Any help / suggestion is greatly appreciated.

+5
source share
4 answers

Request_Cancelled, which is part of the HTTPErr log, is called by the DynamicIPRestrictions Module , which mitigates DDOS attacks.

if you configure dynamic IP restrictions using the Deny action option set to Interrupt Request, requests will be aborted and logged as Request_Cancelled in the HTTPErr log

By default, Dynamic IP restrictions can interrupt a request if more than 5 simultaneous requests arrive (check what the configured parameter is on your server.) And this may be the reason that it works on the same server and does not work in the Azure environment More details information can be found on Security Recommendations for Detecting and Preventing DOS Attacks Targeting IIS / Azure Web Role (PAAS)

+3
source

You will get this problem for several reasons. But in this case, I assume that you are installing WebDAV, and sometimes conflict with other modules. So, first try uninstalling this extension.

enter image description here

+1
source

What error do you see in the browser console? Look at the request / response header values ​​in the browser. Sometimes the configuration is not applied correctly and / or the browser expects other headers. Sometimes the Allow-Headers parameter is too strict, try playing with it.

Also, does it play in all browsers?

+1
source

This is my web config configuration, working for both the postman and chrome, you can try:

 <system.web> <compilation debug="true" targetFramework="4.5.2" /> <httpRuntime targetFramework="4.5.2" /> <httpModules> <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" /> </httpModules> </system.web> <system.webServer> <handlers> <remove name="WebDAV" /> <remove name="ExtensionlessUrlHandler-Integrated-4.0" /> <remove name="OPTIONSVerbHandler" /> <remove name="TRACEVerbHandler" /> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /> </handlers> <validation validateIntegratedModeConfiguration="false" /> <modules runAllManagedModulesForAllRequests="true"> <remove name="WebDAVModule" /> <remove name="ApplicationInsightsWebTracking" /> <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" /> </modules> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Content-Type" /> <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" /> </customHeaders> </httpProtocol> </system.webServer>

Hope this helps!

+1
source

Source: https://habr.com/ru/post/1270020/

More articles:


All Articles