According to this and this, assuming I host the website on IIS server, I should put the below codes to limit/increase the upload size. My question is: do I actually need to set all of them? If my concern is to prevent someone from uploading a huge file, consuming server bandwidth (which costs money), which one is absolutely needed? Do all of them "short-circuit" a request if they upload a big file without even receiving it?
web.config (I give it 101MB limit since 100MB would not allow 100MB file due to headers etc):
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="105906176" />
</requestFiltering>
</security>
</system.webServer>
Kestrel config (I put it just in case, I don't know if Kestrel is actually used if I host it on IIS):
builder.WebHost.ConfigureKestrel(opt =>
{
opt.Limits.MaxRequestBodySize = settings.MaxFileSize;
});
Multipart config
services.Configure<FormOptions>(opt =>
{
opt.MultipartBodyLengthLimit = settings.MaxFileSize;
});
And finally the API Controller method:
[HttpPost, Route("/test-upload")]
public IActionResult TestUpload([FromForm] IFormFile file)
{
if (file.Length > this.settings.MaxFileSize)
{
return this.BadRequest("File size exceeded");
}
return this.Ok();
}
I am making the project on IIS Express and I do not know how I can setup an environment that can test the above cases.