在Azure Web应用程序上使用POST请求上传文件导致403禁止访问。

huangapple go评论63阅读模式
英文:

File uploading using POST request on Azure Web app results in 403 forbidden

问题

以下是翻译好的部分:

对于在 Azure Web 应用服务上运行的使用 Docker 镜像的 Web 应用(ASP-prod-a1e6(P1v3: 1)),我想通过 REST 服务上传文件。

我使用以下请求:

POST {{ baseUrl }}/api/update/project
Content-Type: multipart/form-data; boundary=boundary
Accept: */*
Authorization: Bearer {{ bearerToken }}

--boundary
Content-Disposition: form-data; name="file"; filename="project_content.json"

< project_content.json
--boundary

而我收到以下响应:

HTTP/1.1 403 Forbidden
Content-Length: 0
Connection: close
Date: Thu, 15 Jun 2023 09:13:16 GMT

<Response body is empty>Response code: 403 (Forbidden); Time: 74ms (74 ms); Content length: 0 bytes (0 B)

对于小文件(小于128kB),该调用成功运行,但我的文件大小为210kB,因此必须有某种限制。我没有在 Azure 上使用任何防火墙。我还将 CORS 策略更新为 *,以启用所有主机。

我尝试找到可以增加文件上传限制的地方,并且通过 HTML 前端成功上传文件。

英文:

For a web app using a Docker image running on an Azure Webb App service (ASP-prod-a1e6 (P1v3: 1)) I want to upload a file via a REST service.

I use the following request

POST {{ baseUrl }}/api/update/project
Content-Type: multipart/form-data; boundary=boundary
Accept: */*
Authorization: Bearer {{ bearerToken }}

--boundary
Content-Disposition: form-data; name="file"; filename="project_content.json"

< project_content.json
--boundary

And I am getting the following response

HTTP/1.1 403 Forbidden
Content-Length: 0
Connection: close
Date: Thu, 15 Jun 2023 09:13:16 GMT

<Response body is empty>Response code: 403 (Forbidden); Time: 74ms (74 ms); Content length: 0 bytes (0 B)

The call works successfully for small files (< 128kB) but my files are 210kB so there must be a limit somewhere. I am not using any firewall on Azure. I also updated the CORS policy to * so all hosts are enabled

I tried to find a place where the increase the file upload limits and uploading files via the HTML frontent works fine

答案1

得分: 0

如果您想在web.config中更改请求文件大小限制,以下是您需要执行的步骤:

  1. 打开Azure门户并导航到您的App Service。

  2. 在左侧菜单中,选择开发工具 > 高级工具。这将在新标签页中打开Kudu控制台。

  3. 在Kudu控制台中,选择调试控制台 > CMD 以打开命令提示符。

  4. 通过运行以下命令导航到site目录:

    cd site
    
  5. wwwroot目录中找到web.config文件并打开它以进行编辑。您可以使用edit命令在控制台中打开文件,或者您可以下载文件并在本地进行编辑。

  6. web.config文件添加以下配置部分以增加最大请求大小:

    <system.webServer>
      <security>
        <requestFiltering>
          <requestLimits maxAllowedContentLength="104857600" />
        </requestFiltering>
      </security>
    </system.webServer>
    

    在此示例中,maxAllowedContentLength属性设置为104857600字节,相当于100 MB。您可以根据需要调整此值。

  7. 保存对web.config文件的更改,并重新启动App Service以应用新的配置。

英文:

If you want to change the request file size limit in the web.config, here's what you need to do:

  1. Open the Azure portal and navigate to your App Service.

  2. In the left-hand menu, select Development Tools > Advanced Tools. This will open the Kudu console in a new tab.

  3. In the Kudu console, select Debug Console > CMD to open a command prompt.

  4. Navigate to the site directory by running the following command:

    cd site
    
  5. Locate the web.config file in the wwwroot directory and open it for editing. You can use the edit command to open the file in the console, or you can download it and edit it locally.

  6. Add the following configuration section to the web.config file to increase the maximum request size:

    &lt;system.webServer&gt;
      &lt;security&gt;
        &lt;requestFiltering&gt;
          &lt;requestLimits maxAllowedContentLength=&quot;104857600&quot; /&gt;
        &lt;/requestFiltering&gt;
      &lt;/security&gt;
    &lt;/system.webServer&gt;
    

    In this example, the maxAllowedContentLength attribute is set to 104857600 bytes, which is equivalent to 100 MB. You can adjust this value to suit your needs.

  7. Save the changes to the web.config file and restart your App Service to apply the new configuration.

答案2

得分: 0

我找到了问题的原因。如前所述,编辑 web.config 对这类容器没有影响,因为它们是 Docker 实例,请求已经在接收服务器的其中一个上被拦截。

原来是通过“配置 > 通用设置”中的“传入客户端证书”设置(设置为“可选”)阻止了请求,如果请求的主体较大。

将此设置切换为“忽略”解决了问题,现在所有的请求都由 Docker 容器回复。

英文:

I found the cause of the problem. As mentioned before has editing web.config no effect for this type of containers as these are Docker instances and the request was already caught on 1 of the receiving servers.

It turned out that the "Incoming Client Certificates" setting (via Configuration > General Settings) blocks the request in case this is set to "Optional" and the request has a larger body

Switching this setting to "Ignore" solved the issue and now all requests are answered by the Docker container

huangapple
  • 本文由 发表于 2023年6月15日 17:18:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/76480986.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定