Bypass Upload Size Limits

Hot Tip

LANGUAGES:HTML | All .NET Languages

ASP.NET VERSIONS:1.0 | 1.1

Bypass Upload Size Limits

Break the 4MB barrier by tweaking machine.config.

By Jeff Prosise

Savvy ASP.NET programmers know the following tag declaresa file-upload control in an ASP.NET Web page, letting users of that page browsefor files in the local file system and upload them to the Web server with abutton click:

What many developers don'trealize - until they run into it for the first time - is that by defaultASP.NET limits the size of uploaded files to 4 MB. The limitation results fromthe following statement in machine.config, which limits requests to 4096K (4MB), in part to protect the Web server from denial-of-service (DOS) attacks:

If you use ASP.NET file-upload controls and want to expandthe maximum permitted file size, you can do so by modifying machine.config's element. Here's a modified element thatpermits users to upload files up to 8 MB in size:

If none of the apps on your site use file upload controls,consider decreasing the maxRequestLength value as added protection against DOSattacks.

Jeff Prosise isauthor of several books, including ProgrammingMicrosoft .NET (Microsoft Press). He also is a co-founder of Wintellect(http://www.wintellect.com),a software consulting and education firm that specializes in .NET. Got aquestion for this column? Submit queries to [email protected].