How do I enable upload of large files in classic ASP on IIS 7?

On Windows 2008 - Go into Administrative tools - server Manager - expand Roles - expand Webserver -click on IIS - and look for the web instance, for which you want to change the file size limit and then go into option “ASP” expand “Limit properties” and property you need to change is 'Maximum Request Entity Body Limit'. File Size is always in bytes so use any online calculator to calculate the conversion of bytes to KB or MB.

First off @AnthonyWJones answer was very helpful but didn't solve my problem, in fact it's slightly inaccurate and for that reason I'm writing this.

Large uploads in IIS 6 was a doddle you had one configuration value to worry about

AspMaxRequestEntityAllowed

The AspMaxRequestEntityAllowed property specifies the maximum number of bytes allowed in the entity body of an ASP request. If a Content-Length header is present and specifies an amount of data greater than the value of AspMaxRequestEntityAllowed, IIS returns a 403 error response. This property is related in function to MaxRequestEntityAllowed, but is specific to ASP request. Whereas you might set the MaxRequestEntityAllowed property to 1 MB at the general World Wide Web Publishing Service (WWW Service) level, you may choose to set AspMaxRequestEntityAllowed to a lower value, if you know that your specific ASP applications handle a smaller amount of data.

---

With the introduction of IIS 7 and it's new hierarchical XML-based configuration system that uses *.config files it all got a bit more complicated.

There are now two settings you need to configure correctly before Large File Uploading will work as you expect and they both live in different areas of the configuration.

maxRequestEntityAllowed

 <configuration>
   <system.webServer>
     <asp>
       <limits maxRequestEntityAllowed="200000" />
     </asp>
   <system.webServer>
 <configuration>

The maxRequestEntityAllowed attribute specifies the maximum number of bytes allowed in the entity body of an ASP request. If a Content-Length header is present and specifies an amount of data greater than the value of maxRequestEntityAllowed, IIS returns an HTTP 403 error response.

IMPORTANT: Configuring the above setting will work up to a point as you will see from the default below but once you reach that default regardless of what maxRequestEntityAllowed is set to, the server will respond with HTTP 404 Not Found error response. This confused me at first because I thought it must be my code that was returning the 404 error response.

maxAllowedContentLength

 <configuration>
   <system.webServer>
     <security>
       <requestFiltering>
         <requestLimits maxAllowedContentLength="30000000" />
       </requestFiltering>
     </security>
   </system.webServer>
 </configuration>

Specifies the maximum length of content in a request, in bytes. The default value is 30000000, which is approximately 28.6MB.

This setting is extremely important as it defines the maximum number of bytes in an IIS Request (not an ASP Request like the previous configuration value) it has nothing to do with the content length of the response (as has previously been stated). Regardless of what maxRequestEntityAllowed (which is a asp-classic specific setting) is set to, if maxAllowedContentLength is not set or you try to upload more then the default of 28 MB (approx.) you will get a HTTP 404 error response.

Links

• ASP Limits <limits>

• Request Limits <requestLimits>

The maxAllowedContentLength controls how much data is allowed to be sent in a response. However you want to control how much can be accepted in a request. This is handled by the maxRequestEntityAllowed attribute of the limits element in the asp section of the config file. An example might look like:-

<system.webServer>
  <asp>
     <cache diskTemplateCacheDirectory="%SystemDrive%\inetpub\temp\ASP Compiled Templates" />
     <limits scriptTimeout="00:02:00"
        queueConnectionTestTime="00:00:05"
        requestQueueMax="1000"
        maxRequestEntityAllowed="104857600"
        />
  </asp>

You can configure this in the IIS7 manager under the "Limit Properties" category in the property grid for the ASP feature. Alternatively you can use a command line:-

appcmd set config /section:asp /limits.maxRequestEntityAllowed:104857600

Note that extending this value increase the window for DOS attack where the attacker sends large content to the server so don't be tempted to extend this beyond what you really need.