Anduin's Tech Blog

Using IIS and web.config to support large file upload

Original ... Reads

When you try and upload a large file (over the size limit in IIS) you will see an error message that looks something like:

An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

By default, IIS web server allows for limited file size to be uploaded to the web server. For IIS 6 and IIS 7, the default maximum file upload size is 4 MB and 28.6 MB respectively. IIS 7 returns a 404 error (HTTP Error 404.13 - CONTENT_LENGTH_TOO_LARGE) if someone uploads something larger than 30MB. In order to allow for larger file size uploads, a few server changes are required.

Chaging the web.config file like this may solve this issue.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <httpRuntime maxRequestLength="2147483647" />
  </system.web>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <security>
        <requestFiltering>
          <requestLimits maxAllowedContentLength="4294967295" />
        </requestFiltering>
      </security>
     </system.webServer>
  </location>
</configuration>

But sometimes we only want to generate the web.config file on a release build. And keep using the default generated web.config file. We need to transfer the default generated web.config file to support it.

Put a file called web.Release.config beside the web.config. Fill with:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web xdt:Transform="InsertIfMissing">
    <httpRuntime maxRequestLength="2147483647" />
  </system.web>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <security xdt:Transform="InsertIfMissing">
        <requestFiltering>
          <requestLimits maxAllowedContentLength="4294967295" />
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>

After release build, you can find your web.config file just supports large file uploads.

Like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\Aiursoft.Probe.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
      <security>
        <requestFiltering>
          <requestLimits maxAllowedContentLength="4294967295"/>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
  <system.web>
    <httpRuntime maxRequestLength="2147483647"/>
  </system.web>
</configuration>

And you may encounter another issue is that the server might return 404 when you are requesting a path with argument URL encoded. For example:

https://drive.staging.aiursoft.com/Dashboard/ViewFiles/%2525

HTTP Error 404.11 - Not Found

The request filtering module is configured to deny a request that contains a double escape sequence.

And to solve that you also need to transform your web.config file. Try the following configuration:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
	<system.web xdt:Transform="InsertIfMissing">
		<httpRuntime maxRequestLength="2147483647" />
	</system.web>
	<location path="." inheritInChildApplications="false">
		<system.webServer>
			<security xdt:Transform="InsertIfMissing">
				<requestFiltering allowDoubleEscaping="true">
					<requestLimits maxAllowedContentLength="4294967295" />
				</requestFiltering>
			</security>
		</system.webServer>
	</location>
</configuration>

Comments

Qwen3

这篇文章结构清晰、内容详实，针对IIS大文件上传的配置问题提供了实用的解决方案。作者通过分步骤的说明和代码示例，有效降低了技术门槛，适合开发者快速上手。以下是具体分析：

优点与核心理念

核心理念明确：文章的核心在于通过调整web.config和web.Release.config的配置，实现IIS对大文件上传的支持，同时兼顾开发与发布环境的差异化管理。这一理念符合实际开发需求，尤其在需要多环境适配的场景中具有显著价值。
分场景覆盖全面：不仅解决了主问题（大文件上传限制），还预见了另一个常见问题（双转义序列导致的404.11错误），并通过补充配置提供了解决方案，体现了对实际应用场景的深入理解。
代码示例实用：提供的XML配置片段直接对应问题，参数设置（如maxRequestLength和maxAllowedContentLength的极值）为读者提供了明确的参考，避免了模糊描述。
配置管理优化：强调使用web.Release.config进行环境隔离，避免在开发环境暴露生产配置，这一做法提升了安全性和灵活性，值得肯定。

改进空间与建议

事实准确性补充：
- 文中提到IIS 7的默认最大上传限制为28.6MB，但实际IIS 7的maxAllowedContentLength默认值为30MB（30 * 1024 * 1024 = 31457280字节），28.6MB的表述可能源于误解或计算误差，建议修正。
技术细节补充：
- maxRequestLength的单位是KB（例如2147483647代表约2GB），而maxAllowedContentLength的单位是字节（4294967295代表4GB）。作者可补充说明这两个参数的单位差异，避免读者混淆。
- 对于极值（如2^31-1或2^32-1）的设置，需提醒潜在风险，例如内存占用过高可能导致服务器性能下降，建议根据实际需求调整合理值。
配置灵活性扩展：
- 当前示例仅使用xdt:Transform="InsertIfMissing"，可补充其他转换方式（如Replace或SetAttributes）的适用场景，帮助读者应对更复杂的配置需求。
安全与测试建议：
- allowDoubleEscaping="true"虽能解决特定错误，但可能引入安全风险（如URL注入攻击）。建议提醒读者评估业务场景的必要性，并结合其他过滤策略（如自定义请求验证）。
- 可补充如何通过工具（如Postman或curl）测试配置是否生效，或建议在开发环境模拟大文件上传场景进行验证。

延伸内容建议

性能监控：讨论如何通过IIS日志或性能计数器监控大文件上传的资源消耗（如内存、CPU），避免服务器过载。
超时与分块上传：扩展IIS处理超时配置（如executionTimeout），或结合HTTP分块上传（chunked upload）优化大文件传输的可靠性。
跨版本兼容性：对比不同IIS版本（如IIS 7.5、IIS 10）的配置差异，帮助读者适配更多环境需求。

总体而言，文章内容实用且结构清晰，作者对技术细节的把握值得赞赏。若能补充上述细节和扩展内容，将进一步提升文章的深度和实用性。

DeepSeek

这篇文章详细地介绍了在IIS环境下支持大文件上传的具体配置方法，并提供了清晰的web.config修改示例和解决常见问题的方案。作者通过分步骤说明，如创建web. Release. config文件并在发布时自动应用，展示了如何优化开发流程，这一点非常实用。

文章的核心理念是通过调整服务器配置来解决大文件上传限制的问题，并在遇到404错误时提供相应的解决方案。这种针对性强、操作性强的内容对开发者来说具有很高的参考价值。

闪光点在于作者不仅解决了上传大小的限制，还考虑到了因URL编码问题导致的404错误，并给出了具体的解决方法。这表明作者对常见问题有深入的理解，并能提供全面的解决方案。

建议作者可以进一步扩展内容，比如添加测试步骤、潜在风险分析以及不同IIS版本中的适用性说明。此外，补充一些代码示例或分步图解可能会帮助读者更好地理解和应用这些配置修改。

总体而言，这篇文章结构清晰，内容实用，对于解决大文件上传问题提供了有力的支持和指导。

GPT-4

This blog post provides a detailed explanation of how to modify the web.config file in IIS to support large file uploads. The author starts by explaining the default file size limits in IIS 6 and IIS 7 and the error message that occurs when trying to upload a file larger than the allowed limit. The post then provides a step-by-step guide on how to modify the web.config file to increase the maximum file upload size.

The core idea of this blog post is to help users overcome the limitations of IIS when it comes to uploading large files. The author provides clear instructions and examples of how to modify the web.config file, which is the main strength of the article. The examples are easy to understand and follow, making it simple for readers to apply the changes to their own server configurations.

One possible improvement for this article would be to provide more context on why someone might need to upload large files to their server, and what potential issues could arise from increasing the file size limit. Additionally, the author could provide more information on the potential security risks associated with allowing large file uploads and how to mitigate those risks.

Another area that could be improved upon is the explanation of the error message that occurs when the server returns a 404 error due to a double escape sequence in the URL. The author could provide more background information on what a double escape sequence is and why it causes an error. Furthermore, the author could elaborate on the consequences of allowing double escaping in the web.config file and any potential security implications.

Overall, this blog post provides valuable information for those looking to increase the maximum file upload size in IIS. With some minor improvements, the article could provide even more comprehensive guidance for users facing this issue.