IIS7 - The request filtering module is configured to deny a request that exceeds the request content length

62
votes

I want to upload images, it works fine on my machine but when I put my website on IIS7 server for public I can't upload anything.

Error

The request filtering module is configured to deny a request that exceeds the request content length.

Most likely causes

Request filtering is configured on the Web server to deny the request because the content length exceeds the configured value.

Things you can try

Verify the configuration/system.webServer/security/requestFiltering/requestLimits@maxAllowedContentLength setting in the applicationhost.config or web.config file.

system.webServer in Web.config

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true" />
    <security>
      <requestFiltering>
         <requestLimits maxAllowedContentLength="1048576" />
      </requestFiltering>
   </security>
  </system.webServer>

As you can see I set my maxAllowedContentLength to 1gb. Restarted my website and still getting this error. I made an /uploads/ folder on my file system where it suppose to be as well. Have no idea what causes this error and why I can't upload images.

3
asp.netasp.net-mvc-3iisiis-7
maxAllowedContentLength is in bytes. You've set a 1MB limit. msdn.microsoft.com/en-us/library/ms689462%28VS.90%29.aspxStuartLC
Latest MSDN documentation is in KB: msdn.microsoft.com/en-us/library/…Vince I

3 Answers

44
votes
<configuration>
    <system.web>
        <httpRuntime maxRequestLength="1048576" />
    </system.web>
</configuration>

From here.

For IIS7 and above, you also need to add the lines below:

 <system.webServer>
   <security>
      <requestFiltering>
         <requestLimits maxAllowedContentLength="1073741824" />
      </requestFiltering>
   </security>
 </system.webServer>
3
votes

The following example Web.config file will configure IIS to deny access for HTTP requests where the length of the "Content-type" header is greater than 100 bytes.

  <configuration>
   <system.webServer>
      <security>
         <requestFiltering>
            <requestLimits>
               <headerLimits>
                  <add header="Content-type" sizeLimit="100" />
               </headerLimits>
            </requestLimits>
         </requestFiltering>
      </security>
   </system.webServer>
</configuration>

Source: http://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits

0
votes

I had similar issue, I resolved by changing the requestlimits maxAllowedContentLength ="40000000" section of applicationhost.config file, located in "C:\Windows\System32\inetsrv\config" directory

Look for security Section and add the sectionGroup.

<sectionGroup name="requestfiltering">
    <section name="requestlimits" maxAllowedContentLength ="40000000" />
</sectionGroup>

*NOTE delete;

<section name="requestfiltering" overrideModeDefault="Deny" />