requestFiltering - Infinite Lexicon - Infinite Lexicon

requestFiltering

Request Filtering is a security feature of Internet Information Services (IIS) that blocks or restricts HTTP requests based on configurable rules. Implemented as a module in IIS, it inspects components of incoming requests, such as the URL, query string, headers, and, when enabled, the request body, and rejects those that violate defined criteria.

Rules are organized into categories that include file name extensions, hidden segments, and general request limits.

Configuration and scope are flexible: Request Filtering can be applied at the server, site, or application level

Historically, Request Filtering is part of IIS 7 and later, introduced to provide a centralized mechanism for

a

maxAllowedContentLength,

maxQueryString.

considerations,

allowDoubleEscaping

allowHighBitCharacters,

applicationHost.config,

system.webServer/requestFiltering,

fileExtensions,

hiddenSegments,