Information
The maxAllowedContentLength Request Filter is the maximum size of the http request, measured in bytes, which can be sent from a client to the server. Configuring this value enables the total request size to be restricted to a configured value. It is recommended that the overall size of requests be restricted to a maximum value appropriate for the server, site, or application.
Rationale:
Setting an appropriate value that has been tested for the maxAllowedContentLength filter will lower the impact an abnormally large request would otherwise have on IIS and/or web applications. This helps to ensure availability of web content and services, and may also help mitigate the risk of buffer overflow type attacks in unmanaged components.
Solution
The MaxAllowedContentLength Request Filter may be set for a server, website, or application using the IIS Manager GUI, using AppCmd.exe commands in a command-line window, and/or directly editing the configuration files. To configure using the IIS Manager GUI:
Open Internet Information Services (IIS) Manager
In the Connections pane, click on the server, site, application, or directory to be configured
In the Home pane, double-click Request Filtering
Click Edit Feature Settings... in the Actions pane
Under the Request Limits section, key the maximum content length in bytes that will allow applications to retain their intended functionality, such as 30000000 (approx. 28.6 MB)
To set this Request Filter using an AppCmd.exe command, run the following command at an elevated command prompt:
%systemroot%\system32\inetsrv\appcmd set config /section:requestfiltering /requestLimits.maxAllowedContentLength:30000000