We have used AjaxUploader in our ASP.NET application and set MaxSizeKB as 2048 for 2 MB files. During security testing by third party company, they were able to remove client side validation in proxy (Fiddler) and upload 1 GB file. Even though we have set maxRequestLength and maxAllowedContentLength as 5MB in config file, AjaxUploader is sending file to the server as multiple partial requests and size of these requests are less than maxAllowedContentLength.

Is there a way, we can disable sending file as partial requests or set size of each partial request?