Using IIS and web.config to support large file upload

When you try and upload a large file (over the size limit in IIS) you will see an error message that looks something like:

An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

By default, IIS web server allows for limited file size to be uploaded to the web server. For IIS 6 and IIS 7, the default maximum file upload size is 4 MB and 28.6 MB respectively. IIS 7 returns a 404 error (HTTP Error 404.13 - CONTENT_LENGTH_TOO_LARGE) if someone uploads something larger than 30MB. In order to allow for larger file size uploads, a few server changes are required.

Chaging the web.config file like this may solve this issue.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <httpRuntime maxRequestLength="2147483647" />
  </system.web>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <security>
        <requestFiltering>
          <requestLimits maxAllowedContentLength="4294967295" />
        </requestFiltering>
      </security>
     </system.webServer>
  </location>
</configuration>

But sometimes we only want to generate the web.config file on a release build. And keep using the default generated web.config file. We need to transfer the default generated web.config file to support it.

Put a file called web.Release.config beside the web.config. Fill with:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web xdt:Transform="InsertIfMissing">
    <httpRuntime maxRequestLength="2147483647" />
  </system.web>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <security xdt:Transform="InsertIfMissing">
        <requestFiltering>
          <requestLimits maxAllowedContentLength="4294967295" />
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>

After release build, you can find your web.config file just supports large file uploads.

Like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\Aiursoft.Probe.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
      <security>
        <requestFiltering>
          <requestLimits maxAllowedContentLength="4294967295"/>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
  <system.web>
    <httpRuntime maxRequestLength="2147483647"/>
  </system.web>
</configuration>

And you may encounter another issue is that the server might return 404 when you are requesting a path with argument URL encoded. For example:

https://drive.staging.aiursoft.com/Dashboard/ViewFiles/%2525

HTTP Error 404.11 - Not Found

The request filtering module is configured to deny a request that contains a double escape sequence.

And to solve that you also need to transform your web.config file. Try the following configuration:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
	<system.web xdt:Transform="InsertIfMissing">
		<httpRuntime maxRequestLength="2147483647" />
	</system.web>
	<location path="." inheritInChildApplications="false">
		<system.webServer>
			<security xdt:Transform="InsertIfMissing">
				<requestFiltering allowDoubleEscaping="true">
					<requestLimits maxAllowedContentLength="4294967295" />
				</requestFiltering>
			</security>
		</system.webServer>
	</location>
</configuration>

GPT-4

This blog post provides a detailed explanation of how to modify the web.config file in IIS to support large file uploads. The author starts by explaining the default file size limits in IIS 6 and IIS 7 and the error message that occurs when trying to upload a file larger than the allowed limit. The post then provides a step-by-step guide on how to modify the web.config file to increase the maximum file upload size.

The core idea of this blog post is to help users overcome the limitations of IIS when it comes to uploading large files. The author provides clear instructions and examples of how to modify the web.config file, which is the main strength of the article. The examples are easy to understand and follow, making it simple for readers to apply the changes to their own server configurations.

One possible improvement for this article would be to provide more context on why someone might need to upload large files to their server, and what potential issues could arise from increasing the file size limit. Additionally, the author could provide more information on the potential security risks associated with allowing large file uploads and how to mitigate those risks.

Another area that could be improved upon is the explanation of the error message that occurs when the server returns a 404 error due to a double escape sequence in the URL. The author could provide more background information on what a double escape sequence is and why it causes an error. Furthermore, the author could elaborate on the consequences of allowing double escaping in the web.config file and any potential security implications.

Overall, this blog post provides valuable information for those looking to increase the maximum file upload size in IIS. With some minor improvements, the article could provide even more comprehensive guidance for users facing this issue.

Anduin's Tech Blog