Avoiding Application Pool Shutdown after multiple invalid page requests.

  • Question

  • User-1408980514 posted

    Hi All,

    I have an app pool that is shutting down when there are multiple requests for an invalid page in the site using the app pool. This is an internal only site using integrated authentication. While there is a bug in our application generating a bogus link, I've noticed some users create favorites to invalid pages. When the request is made, the user is prompted to authenticate. Authentication fails multiple times even with correct credentials. Once the user has tried to authenticate a number of times, the app pool shuts down and all users get the Service Unavailable error. Not sure if this is relevant but the app pool identity is an explicitly specified service account.

    Is there a way to prevent this? I believe this is related to Rapid-Fire Protection, no? I'd prefer to leave that enabled. Ideally, the user would just get a 404 and not take down the site.

    Thanks in advance. I've searched forums and googled numerous times but can't seem to find anything.

    Rob

     

    Tuesday, May 31, 2011 10:48 AM

Answers

  • User299556178 posted

    If your application is generating bogus links, and the file is not available on the server, it should give a 404. It should not ask to log on. It should definitely not crash the application pool.

    You don't happen to have a web application that catches these requests as well? So it "overrides" the behavior of IIS. Because that would make more sense, for example that your web application crashes after multiple failed logon attempts.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Friday, June 3, 2011 3:52 AM

All replies

  • User-1672167363 posted

    Hello,

    If I am reading your post correctly, you need a method to handle invalid requests that are part of the 404 error, and you currently have nothing in place to deal with the requests.

    I suggest that you check the IIS Net Forums for Rewrite use with IIS 6.0; you need to install Rewrite Software to allow writing Rules with IIS Server.

    You can get free or paid versions of Rewrite software, and the Rewrite Forum has links for both with suggestions for IIS Server Rules and methods.

    Martin


    Tuesday, May 31, 2011 11:03 AM
  • User-1408980514 posted
    Thanks. I'll dig into that.
    Tuesday, May 31, 2011 4:19 PM
  • User-176674611 posted

    Hi,

    An appPool shutdown will lead to a 503 error, which is not customizable for error pages. Could you please check the event log to see if there is any related log information?

    Thanks.

    Thursday, June 2, 2011 5:02 AM
  • User-1672167363 posted

    Hello,

    It has been a while since this Security Bulletin http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx was released.

    The issue is dealing with how 404 errors should be handled in IIS Server, in particular web.config settings and having a common page that all invalid requests are directed to.

    The security problem lies with what information a "Hacker" can get during repeated requests.

    So if you're having invalid requests and 404 errors, there needs to be some method(s) in place to detect and handle the actions.

    Your current shutdown problem may be that Anti-Virus, Anti-Malware is doing the detection and shutting the server down as a method to prevent further attacks.

    Martin


    Friday, June 3, 2011 10:04 AM
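
The web.config approach mentioned in the last reply (one common page for all invalid requests), sketched as an added example that is not part of the thread or of any poster's configuration. The path `~/error.aspx` is a placeholder, and the sketch assumes an ASP.NET application on .NET 3.5 SP1 or later.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!--
      Weaker settings, shown for contrast only:
        <customErrors mode="Off" />
      or mode="On" with per-status <error statusCode="404" ... /> children.
      Either one lets a remote client tell different failures apart,
      through detailed error text or a different page per status code.
    -->

    <!--
      Hardened setting: every error, whatever its cause, is answered
      with the same page, so repeated invalid requests reveal nothing
      about why each one failed.
      redirectMode="ResponseRewrite" requires .NET 3.5 SP1 or later;
      omit the attribute on older framework versions.
      "~/error.aspx" is a placeholder path (assumption).
      This section only covers requests that are handled by ASP.NET.
    -->
    <customErrors mode="On"
                  redirectMode="ResponseRewrite"
                  defaultRedirect="~/error.aspx" />
  </system.web>
</configuration>
```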