Displaying a meaningfull error when uploading too large a file

Question

We have set a fixed limit on the filesize of uploads on our site - below the size of the default asp.net and iis setting.

I have a simple catch setup in Application_BeginRequest that catches this (it's not excat since it checks the ContentLength including all other form data but it's good enough). I want to either resume processing of the page the user tried to upload to, or as a fallback plan redirect the user to a page, explaining that the filesize was too big (we already have a subtitle explaining this, but you know users - 'they don't need to read no stinking subtitles').

So what's the problem? Well it seems that my Response was already sent to the user - a 404 explaining that the page could not be found. I don't want this behaviour, i want to flush this response, since it's not the one i want the user to see - i want to show something else - build my own response, redirect or just process the page they were supposed to get anyways.

I think the problem might still be IIS rejecting the request/post since the file is bigger than what IIS wants. I really do dig this - a mad user trying to upload a 20meg picture shouldn't be allowed to DoS the IIS to its knees, but is this it? Or do i get a chance to intercept this response to the user - instead of increasing the max size on the IIS and thus spending bandwith on receiving this file, i just want to identify this post as 'being too big' and sending an apropriate response back to the user.

Answer 1

I had this same problem and after lots of searching there seems to be no perfect solution to this. You can change the Max Request Length to set at which point IIS will serve the ASP.Net error. You can also catch this error on global.asax and show the user a more freindly error page.

You can find more information on doing this here http://www.developer.com/db/article.php/10920_3426051_2

Answer 2

Great resource!

I used the link above to implement a catch on files being uploaded to the server that were too large and being redirected to the default error page

web.config ->

    < customErrors mode="RemoteOnly" defaultRedirect="~/GenericError.htm" />

MyPage.aspx.cs ->

    protected void Page_Error(object sender, EventArgs e)
    {
        if (HttpContext.Current.Error is HttpException)
            if ((HttpContext.Current.Error as HttpException).ErrorCode == -2147467259)
            {
                Server.ClearError();
                Response.Redirect(@"~/FileSizeError.htm", false);
            }
    }

Answer 3

The answers above didn't work for me on IIS 7.5. We finally came up with the following:

void Application_PreSendRequestHeaders(Object sender, EventArgs e)
{
    if (
        Request.Headers["Content-Length"] != null && 
        int.Parse(Request.Headers["Content-Length"]) > 150000000 &&
        Request.RawUrl.EndsWith("/Release/ProjectReleases.aspx?Mode=Create"))
    {
        try
        {
            Response.Redirect("http://anyurl", true);
        }
        catch (HttpException ex)
        {
            if (ex.Message == "Maximum request length exceeded.")
            {
                Server.ClearError();
                Response.ClearHeaders();
                Response.Redirect("http://www.edward-williams.com", true);
            }
        }
    }
}

Didn't have to modify the max upload size. Granted the final version actaully set a static value for the max upload size based on the value in the web.config and redirected to a custom error page vs that homepage, but you get the idea.