Can IIS reject request by header value instead of waiting for entire request to be uploaded?

Question

While it's understood that we can configure IIS on two different levels for basically the same thing using MaxRequestLength and MaxAllowedContentLength (here), it is clear that IIS actually accepts (waits until it's downloaded) the entire request (potentially hundreds of MBs) before it decides that it must be rejected or filtered out.

Arguably, it is possible to consult header for request size or if header is inaccurate (has the length set to a smaller value than actual request size) - quit as soon as limit is exceeded.

If it matters - I'm working on a HttpHandler.

Is it possible to configure IIS to behave like this?

Answer 1

Well, at least I've tried. It appears this is one of the things you just can't do by design of IIS.

Answer 2

What you want to do is request filtering based on header content.

A HttpHandler is too far away from the HTTP stack to do something like that. At this step I am certain that the request have been downloaded and mapped.

It could do the deal with a HttpModule (Init) and HttpApplication events, but in the ASP.NET application the request is also certainly downloaded entirely before processing.

In IIS 7 and the integrated mode, ASP.NET modules can be declared in the IIS pipeline.

It's a good way to do request filtering. Anyway, I am pretty sure IIS have already downloaded the request before mapping it to any module/handler.

You can do it in the request-processing pipeline with Request Filtering. IIS 7.5 bring the Scan headers Fitlering Rules.

I can't affirm that your request will not be downloaded, but I think you can't do it sooner.

Introduction to IIS Architecture

ASP.NET Application Life Cycle Overview for IIS 7.0