1

I've split out the ipSecurity section of my web.config file to it's own file. I use this files to block users from countries other than Canada/USA.

This file is 2.6 MB in size as it contains IP deny entries for the whole world.

I had to override the maximum size allowance for config files because it's so big.

I've noticed that restarting the web service or web site takes a lot longer with the large config file. With a 2.6 MB files it takes about 5-10 seconds to reboot the site / app pool / service.

I experimented with even larger files up to 30 MB and this causes the restart to take 60-120 seconds.

I have a feeling it's also causing issues with app pool recycling but I'm not sure.

Are there any other side effects to having a large config file?

Tomas Beblar
  • 121
  • 7
  • How did this go? Did you notice any degradation in your website once it had started up? I'm in the exact same situation. – nmit026 Dec 12 '17 at 07:42
  • 1
    @nmit026 Once it was up and running it was ok. However, the IIS start up on the website was MUCH slower. IIS app pool recycle took a while. Almost a full minute to start it up. It was a problem because our site recycles the app pool multiple times per day. In the end, I had to remove it. I would NOT recommend going with a large config file unless you don't mind waiting a while for the site to start or recycle. – Tomas Beblar Dec 12 '17 at 17:57
  • Brilliant answer, thanks. How did you implement country blocking? – nmit026 Dec 12 '17 at 20:16
  • @nmit026 We gave up on the feature. – Tomas Beblar Dec 13 '17 at 00:12
  • The other option would be to check the request IP address against a list of IP ranges stored in the database in an HTTP module, which would check every request. You'd have to test to see if that would slow things down too much. I don't know much about it but if you can control your environment you might be able to block these packets before they even hit your webserver by using some sort of software or hardware firewall. – nmit026 Dec 13 '17 at 00:32

0 Answers0