Simon Fell > Its just code > maxRequestLength

Saturday, July 26, 2003

ASP.NET has a feature that limits the size of a HTTP request message, as part of an attempt to reduce possible DOS attacks. The exact limit (which defaults to 4MB) can be changed by adding an entry to your web.config file.

All good, until you start looking at file uploads, then you realize that the way in which the large request error is managed, makes it just about impossible to do a user friendly upload form, that will report if they attempt to upload a file larger than allowed. It seems that once ASP.NET sees the request go over the limit, it responds with a 400 bad request error, there's no way from your .aspx page code to trap this and do anything more friendly with it. IE shows the horrible no server or DNS error message when faced with a 400 error, unless you also have smart Navigation turned on, in which case the smartNav frame seems to hide the error page, and the user is left looking at the page they were on with no indication as to what's going on. Mozilla gives a "response contained no data" error message, whilst Firebird, does some strange looking lookup to find a new site to look at (i.e. if this url http://coldcut/scripts/upload.aspx returns the 400 error, firebird redirects me to !).

I googled around, but didn't spot any workable solutions. I did find however that if you get in and check the contentlength early enough, you can redirect to a different page to show the user more reasonable error message. You can't do it from the page, but if you handle the BeginRequest event from a custom module or from the global.asax and check it there, it'll work.

ASP.NET is a massive step up from ASP, but it still has some rough edges, I hope they get sorted out for the next release.