One of our Asp.Net websites started throwing an “ThrowIfMaxHttpCollectionKeysExceeded” exception with message that looked like this:
“Operation is not valid due to the current state of the object”
It turns out that in late december (2011), Microsoft put out a patch for a DOS vulnerability. This patch limits many different collections to a value of 1000. (One of them being the number of keys allowed in the HttpCollection).
To fix it, you need to up the limit to a number that’s reasonable for your application, using the following configuration setting:
<configuration> <appSettings> <add key="aspnet:MaxHttpCollectionKeys" value="1000" /> </appSettings> </configuration>
Notes:
Microsoft Security Bulletin MS 11-100: http://technet.microsoft.com/en-us/security/bulletin/ms11-100
An ASP.Net request that has lots of form keys… fails with an exception: http://support.microsoft.com/kb/2661403
No comments:
Post a Comment