Bypass Upload Size Limits

Break the 4MB barrier by tweaking machine.config.

Hot Tip

LANGUAGES: HTML | All .NET Languages



Bypass Upload Size Limits

Break the 4MB barrier by tweaking machine.config.


By Jeff Prosise


Savvy ASP.NET programmers know the following tag declares a file-upload control in an ASP.NET Web page, letting users of that page browse for files in the local file system and upload them to the Web server with a button click:


<input type="file" id="FileUploadControl" runat="server" />


What many developers don't realize - until they run into it for the first time - is that by default ASP.NET limits the size of uploaded files to 4 MB. The limitation results from the following statement in machine.config, which limits requests to 4096K (4 MB), in part to protect the Web server from denial-of-service (DOS) attacks:


<httpRuntime ... maxRequestLength="4096" ... />


If you use ASP.NET file-upload controls and want to expand the maximum permitted file size, you can do so by modifying machine.config's <httpRuntime> element. Here's a modified <httpRuntime> element that permits users to upload files up to 8 MB in size:


<httpRuntime ... maxRequestLength="8192" ... />


If none of the apps on your site use file upload controls, consider decreasing the maxRequestLength value as added protection against DOS attacks.


Jeff Prosise is author of several books, including Programming Microsoft .NET (Microsoft Press). He also is a co-founder of Wintellect (, a software consulting and education firm that specializes in .NET. Got a question for this column? Submit queries to [email protected].





Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.