What is the difference between maxAllowedContentLength and maxRequestLength

Question

I looked online and couldn't find a proper explanation.

Link I checked: Difference

This link says:

If you are trying to upload large files (like images or documents) you need to be aware that you may need to adjust your maxRequestLength. Then if files are really big you may need to adjust the maxAllowedContentLength.

But both sentence mean the same and I am confused.

Another link: Difference

This says

The maxRequestLength indicates the maximum file upload size supported by ASP.NET, the maxAllowedContentLength specifies the maximum length of content in a request supported by IIS. Hence, we need to set both maxRequestLength and maxAllowedContentLength values to upload large files.

My Question is: If I have a file upload of 10GB. Is my content 10GB or is my FileSize 10GB? I don't understand what the difference is between file size being uploaded and the content size?

Bottom Line: Please tell me in layman terms if I have a file upload of 10GB how these two parameters come into picture.

Answer 1

Request consist of headers and body (that provides encoded content of the file in your case). So request length is total size of the request, content length is size in bytes of the body (which is likely more than size of data you are sending).

Fake sample:

User-agent: Bob the builder the 4th
Authorization: hereIcome
Content-length: 4
Content-Encoding: Base64

BEEF

So request length here is about 100, content length is just 4 (length of "BEEF") but actual data is 3 bytes ( FromBase64String("BEEF") - 0x04 0x41 0x05).

For case of huge files size of headers can be ignored and both maxRequestLength and maxAllowedContentLength set to the same very high value. Depending on encoding used to send files the values need to be some multiplier of max size of the file.

Answer 2

These settings differ both in semantics as well as usage.

maxAllowedContentLength

This is a IIS specific setting. Any request you send is going to be handled by IIS first, irrespective of the fact whether it is going to be handled by your application or any other. So, if you imagine the web server as a building, this is going to be your entry gate to the building. And as mentioned by @Alexei, this considers only the content or payload size and is measured in bytes. If you send a request whose payload size exceeds this limit, you are going to get a Http 404.13 error response (http response 404 with a subcode of 13. You can check the different IIS status codes in this link ).

maxRequestLength

In comparison, maxRequestLength is an ASP.Net specific setting, which defines the buffering threshold of the input stream. So, in the building example, this is the door of an apartment and hence is apartment specific. So, your request has to fit through both the building door and the apartment door. And this considers the entire request length, not just the payload, and is measured in kbs. If your request passes the IIS setting and fails to pass here due to size, you will get a Http 500 error.