« Previous Next »

• 01-12-2009, 3:15 AM

  sumitatiis Joined on 01-12-2009, 7:55 AM Posts 1

  Security threats of increasing AspMaxRequestEntityAllowed field in IIS 6.0 metabase Reply Contact Hi All, I am hosting one Classic ASP on my server. This website has the picture upload feature. But i am not able to upload the image of 200kb. But if i change the Metabase of IIS 6.0 (AspMaxRequestEntityAllowed property) I can. But now i want to know if there are any security threats if i increase the size? Is there any specific upper limit up to which i can increase the size? Your help will be appericated.  Thanks -Sumit

• 01-12-2009, 7:01 AM

  In reply to

  jeff@zina.com Joined on 09-26-2003, 10:43 AM Naples, FL, USA Posts 2,090

  Re: Security threats of increasing AspMaxRequestEntityAllowed field in IIS 6.0 metabase Reply Contact I think I remember the max limit as 65,535, but I can't remember why I think that.  I could easily be wrong.  As for security, there's really nothing about this that changes security, with the possible exception that you might be able to design a denial of service attack that uses a larger file.  Even then it really doesn't change the risks. Jeff Look for Wrox's new book Professional IIS 7 in your local bookstore, or order now at Amazon.com

• 01-12-2009, 8:51 AM

  In reply to

  qbernard Joined on 03-25-2003, 10:12 PM Malaysia Posts 3,183

  Re: Security threats of increasing AspMaxRequestEntityAllowed field in IIS 6.0 metabase Reply Contact You can set it to any value you want.. say 1gb or so.. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a6401b5e-c902-4035-90aa-ee46c270d357.mspx?mfr=true For security concern, potentially huge upload by take down the server resource or slowing down things... similar thread in the past> http://forums.iis.net/t/566116.aspx   Cheers, Bernard Cheah