IIS 7 — “Maximum Requesting Entity Body Limit”
It is certainly easy enough to increase the field “Maximum Requesting Entity Body Limit” in IIS 7.
Has anyone encountered risks to increasing this limit past 1 000 000 ? (one million)?
This is for a web-hosting application that contains “classic asp” legacy pages.
Answer
Copied from the comment.
Usually the relevant IIS settings are set to prevent common security vulnerabilities.
In your case, if I know your site, and you are using such a setting, I can easily DDOS it by sending HTTP requests with large entity body. The cause is that processing large entity body does consume lots of server resources, and your server cannot have unlimited resources.
Do set a moderate value to protect yourself. This also applies to other settings, such as max connections, max bandwidth, and so on.
Attribution
Source : Link , Question Author : JosephDoggie , Answer Author : Lex Li
