Limit the HTTP request buffer

Not long ago, it was discovered that some Web sites are vulnerable 
to a kind of attack in which executable code is sent to the Web page 
through the HTTP request buffer. In response to this threat, 
Microsoft introduced a new IIS registry key, MaxClientRequestBuffer. 
In IIS4, the default maximum size of the request buffer is 2MB, while 
in IIS5, it has shrunk to 128KB. If you wish to increase (not 
recommended) or decrease the size of the buffer, simply navigate to 
the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3svc\parameters

Then edit the MaxClientRequestBuffer key. If this key doesn't exist, 
add it, and set its data type to REG_DWORD. Then, in the DWORD Editor, 
select Decimal under Radix, and then enter the number of bytes for 
the buffer.

You might also like...

Comments

ElementK Journals

Contribute

Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

“Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.” - Brian Kernighan