The maximum size of the web.config file is 250KB. This file size has a limit set on it to prevent Denial Of Service (DoS) attacks as well as to keep the file manageable.
In one of the production environments running Windows Server 2003 R2, this file size went upto 300KB. When the team migrated the app to run on Windows Server 2008 R2 and IIS 7.5, they received an error “cannot read configuration file because it exceeds the maximum file size”.
The issue was resolved by changing a registry key.
HKLM\SOFTWARE\Wow6432Node\Microsoft\InetStp\Configuration\MaxWebConfigFileSizeInKB (REG_DWORD)
Make sure to restart the process once the key is updated.
Surely this is creates a security issue that wouldn't have been there before?
ReplyDelete@Cooperman yes as I have mentioned, the restriction is to prevent a DDos attack.
ReplyDelete