Well, here’s a new one I ran across recently. My customer was trying to upload some files using Coldfusion by doing a simple post and was getting a HTTP 413 response when the files were larger than 128K. IIS6 uses a new metabase property called UploadReadAheadSize when passing data to an ISAPI extension. In this particular case the customer was using CAC (client access certs) and so the SSL preload was using this property to determine the maximum buffer size for the incoming request. The default size for this buffer is 48k, which was added to prevent anonymous DOS attacks by uploading very large garbage files.
The fix is simply to up the size of the UploadReadAheadSize metabase property. One thing I would like to point out is an error in the technet documentation that explains how to do this (link below). The following link instructs you to set the size as follows:
cscript adsutil.vbs set w3svc/1/uploadreadaheadsize 200
Which should read:
cscript adsutil.vbs set w3svc/1/uploadreadaheadsize 204800
The metabase setting is represented in bytes, not KB as the technet article would suggest. You can change this setting up to 4GB although you probably wouldn’t want to do so unless you had a compelling business need. Of course a site that required authentication would be an effective way of limiting the chances of DoS, so if you do need to up this limit, you should consider requiring client authentication to connect.
Client cannot renegotiate request and returns an HTTP 413 error (IIS 6.0)
Other useful related links:
HTTP/1.1 200 OK