-->

Increase the IIS 6 maximum request length for ASP pages Submitted by admin, on January 5th, 2012 A default installation of IIS 6 on a Windows machine (Server or workstation) will limit the maximum request size for ASP scripts to 200kb.

Overview

The <requestLimits> element specifies limits on HTTP requests that are processed by the Web server. These limits include the maximum size of a request, the maximum URL length, and the maximum length for a query string. In addition, the <requestLimits> element can contain a collection of user-defined HTTP header limits in the <headerLimits> element, which allows you to define custom settings on HTTP headers.

Note

When request filtering blocks an HTTP request because an HTTP request exceeds the request limits, IIS 7 will return an HTTP 404 error to the client and log one of the following HTTP statuses with a unique substatus that identifies the reason that the request was denied:

These substatuses allow Web administrators to analyze their IIS logs and identify potential threats.

In addition, when an HTTP request exceeds the header limits that are defined in the in the <headerLimits> element, IIS 7 will return an HTTP 404 error to the client with the following substatus:

Compatibility

Setup

The default installation of IIS 7 and later includes the Request Filtering role service or feature. If the Request Filtering role service or feature is uninstalled, you can reinstall it using the following steps.

Windows Server 2012 or Windows Server 2012 R2

1. On the taskbar, click Server Manager.
2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
4. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select Request Filtering. Click Next.
   .
5. On the Select features page, click Next.
6. On the Confirm installation selections page, click Install.
7. On the Results page, click Close.

Windows 8 or Windows 8.1

1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.
2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.
3. Expand Internet Information Services, expand World Wide Web Services, expand Security, and then select Request Filtering.
   
4. Click OK.
5. Click Close.

Windows Server 2008 or Windows Server 2008 R2

1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
4. On the Select Role Services page of the Add Role Services Wizard, select Request Filtering, and then click Next.
   
5. On the Confirm Installation Selections page, click Install.
6. On the Results page, click Close.

Windows Vista or Windows 7

1. On the taskbar, click Start, and then click Control Panel.
2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
3. Expand Internet Information Services, then World Wide Web Services, and then Security.
4. Select Request Filtering, and then click OK.
   

How To

Note for IIS 7.0 users: Some of the steps in this section may require that you install the Microsoft Administration Pack for IIS 7.0, which includes a user interface for request filtering. To install the Microsoft Administration Pack for IIS 7.0, please see the following URL:

How to edit the request filtering feature settings and request limits

1. Open Internet Information Services (IIS) Manager:

   • If you are using Windows Server 2012 or Windows Server 2012 R2:

     • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

   • If you are using Windows 8 or Windows 8.1:

     • Hold down the Windows key, press the letter X, and then click Control Panel.
     • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

   • If you are using Windows Server 2008 or Windows Server 2008 R2:

     • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

   • If you are using Windows Vista or Windows 7:

     • On the taskbar, click Start, and then click Control Panel.
     • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
2. In the Connections pane, go to the connection, site, application, or directory for which you want to modify your request filtering settings.
3. In the Home pane, double-click Request Filtering.
   
4. Click Edit Feature Settings... in the Actions pane.
   

5. Specify your options, and then click OK.
   For example, you could make the following changes:

   • Change the maximum URL length to 2KB by specifying 2048.
   • Change the maximum query string length to 1KB by specifying 1024.
   • Deny access to unlisted HTTP verbs by clearing the Allow unlisted verbs check box.

How to add limits for HTTP headers

1. Open Internet Information Services (IIS) Manager:

   • If you are using Windows Server 2012 or Windows Server 2012 R2:

     • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

   • If you are using Windows 8 or Windows 8.1:

     • Hold down the Windows key, press the letter X, and then click Control Panel.
     • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

   • If you are using Windows Server 2008 or Windows Server 2008 R2:

     • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

   • If you are using Windows Vista or Windows 7:

     • On the taskbar, click Start, and then click Control Panel.
     • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
2. In the Connections pane, go to the connection, site, application, or directory for which you want to modify your request filtering settings.
3. In the Home pane, double-click Request Filtering.
   
4. In the Request Filtering pane, click the Headers tab, and then click Add Header... in the Actions pane.
   

5. In the Add Header dialog box, enter the HTTP header and the maximum size that you want for the header limit, and then click OK.
   

   For example, the 'Content-type' header contains the MIME type for a request. Specifying a value of 100 would limit the length of the 'Content-type' header to 100 bytes.

Configuration

Attributes

Child Elements

Configuration Sample

The following example Web.config file will configure IIS to deny access for HTTP requests where the length of the 'Content-type' header is greater than 100 bytes.

Sample Code

The following code samples will configure IIS to deny access for HTTP requests where the length of the 'Content-type' header is greater than 100 bytes.

AppCmd.exe

PowerShell

Iis 8.5 Max Upload Size

C#

VB.NET

JavaScript

VBScript

Windows Server 2008 R2 Datacenter IIS 6.1

We're experiencing issues trying to upload a file larger than 1.5mb on our PHP web application. PHP upload limit is set to 20mb and verified.

I've been looking for solutions but none of them exist on this particular version of Windows and IIS 6.1, eg; like modifying the 'metabase.xml' file (it cannot be found on the server). Does anyone have any suggestions please?

2 Answers

I'm thinking perhaps you're running into a time-out issue waiting for the upload to finish, and not really a size limitation.

Here's some info from the PHP folks that may be candidates for checking:

'max_execution_time' integer

This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. This helps prevent poorly written scripts from tying up the server. The default setting is 30. When running PHP from the command line the default setting is 0.

The maximum execution time is not affected by system calls, stream operations etc. Please see the 'set_time_limit()' function for more details.

Your web server can have other timeout configurations that may also interrupt PHP execution. Apache has a Timeout directive and IIS has a CGI timeout function. Both default to 300 seconds. See your web server documentation for specific details.

'max_input_time' integer

This sets the maximum time in seconds a script is allowed to parse input data, like POST, GET and file uploads.

Note: The set_time_limit() function and the configuration directive max_execution_time only affect the execution time of the script itself. Any time spent on activity that happens outside the execution of the script such as system calls using system(), stream operations, database queries, etc. is not included when determining the maximum time that the script has been running. This is not true on Windows where the measured time is real.

Additionally here's some info on checking/setting CGI Timeout in IIS5 and 6.

HTH

Wordpress Increase File Upload Size Limit

You might want to take a look at this post:

Iis Max File Size Download

Increase File Upload Size Iis 6 0

Not the answer you're looking for? Browse other questions tagged windows-server-2008iis-6upload or ask your own question.