IIS6 uses the maxRequestLength config setting under the system.web section to specify maximum file upload size with a default of 4 MB. IIS7 uses the maxAllowedContentLength config setting under the system.webServer section to specify maximum file upload size with a default of 28.6 MB. This is something to watch out for when migrating your web application from IIS6 to IIS7. Read on for more information how I found out about this new config setting for IIS7….
I have migrated several sites from IIS6 to IIS7 without much problems. One gotcha that I did get caught on is the new IIS7 config settings section (system.webServer) and those settings for specifying the maximum file size to be uploaded to the website. After migrating a certain web application from IIS6 to IIS7 everything appeared fine until a few customers began complaining about issues when uploading files to the website… in particular these were large files around 50MB.
In IIS 6.0 there is a config setting (attribute) called maxRequestLength located under the httpRuntime section in system.web that you can use to specify the maximum allowed request length (in other words the maximum uploaded file size). In IIS 6.0 the default is 4096 which is number of kilobytes allowed… so a 4MB file is the default file upload size under IIS 6.0.
A 4MB is pretty small these days so it is quite common to need to override the default and put in a different value here. For the web application that I was migrating to IIS7, we had increased the maximum file size to 200MB (and told our customers 200MB was the max upload too). This is what the httpRuntime section was set to:
<httpRuntime maxRequestLength="204800" executionTimeout="7200"/>
So we migrated the web application to IIS7, tested some large file uploads (we tested with 20MB files… note this for later) and everything seemed great. After rolling the website out to our customers, a couple weeks post release we got a couple complaints about customers not being able to upload files. Their files were about 50MB in size.
At first this was puzzling because we clearly had the config setting in place that indicated 200MB was the new limit (or so we thought) AND files larger than 4MB were allowed (we had tested 20MB files). But we could easily reproduce the customer issue with their 50MB files failing. So what was going on?
Eventually we tracked it down to IIS7 and the new config section called system.webServer. We had known that httpHandlers in IIS7 were now to be specified in the system.webServer/handlers section but what we did not know (and did not find out until our customers ran into it) was that the maximum request length setting for IIS7 is also in a new location. In IIS7 you specify the maximum size of a file to be uploaded to the website by using the maxAllowedContentLength setting (system.webServer/security/requestFiltering/requestLimits >> maxAllowedContentLength).
<requestLimits maxAllowedContentLength="209715200" ></requestLimits>
Now why didn’t our tests with 20MB files show this? Because in IIS7 the default value for the maxAllowedContentLength setting is 30000000 and that is in bytes: 30000000 bytes = 28.6 MB. So in IIS7 the default had increased to 28 MB so we did not notice it since we were testing with only 20 MB files (and assuming the default was 4MB). In the end we got this resolved fairly quickly and it showed an issue in our testing (we really should have been testing a 200MB file… the limits of what we tell our customers).