I'm using apache, PHP.
So, for php, even I set max file size, if someone upload a huge file, it will upload the whole thing to server, and then PHP return error. is that right?
I would like the web server or PHP to stop when the file size or the request size is larger than certain size.
is there a way to do it? I remember something like setting post_max_size or setting something in apache.conf but not sure if it will stop when the file goes over the max limit.
- I don't trust client side validation. so, I'm looking for either apache or php level solution. :)
Apache's LimitRequestBody, afaik, it just stops the connection when going over....
max_execution_time and max_input_time
These settings define the maximum life time of the script and the time that the script should spend in accepting input. If several mega bytes of data are being transfered max_input_time should be reasonably high. You can override the setting in the ini file for max_input_time by calling the set_time_limit() function in your scripts.
This is taken from http://www.radinks.com/upload/config.php
If you set lower values for these ini entries the script should timeout before the upload has completed
It's not possible to stop this from the server side - the file will still be uploaded before PHP decides whether to reject it. You'd need to add that detection on the client side. While you can't do this with a regular HTML form, flash uploaders can find out the filesize before the upload starts.
On the server side, you can't do anything useful with PHP - the files have always already been fully uploaded before PHP has a chance to say 'no'. To block upload (that is, disconnect the client part way through the POST), you'll need some web server magic lower down the stack. Perlbal is capable of doing this. Writing your own Apache module is a (brute force) solution. Using any kind of lightweight proxy in front of your main web server is the solution if you're worried about big uploads tying up web server resources.
It really depends why you want to limit large uploads. If it's to save users time, just add messaging that specifies max file size. If it's server resources, use a lightweight proxy in front of the server. If it's something else, well, what is it?
Use a hidden field called MAX_FILE_SIZE with a value indicating the max file size in bytes. See Example #1 on this page for further information.
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
Here is a simple jquery solution How to check file input size with jQuery?
But client side validation can be hacked easily.
Use $_FILES in php.
if($_FILES['name']['size'] > $limit){
// continue;
}
Use a timer (timeout) for each upload with a session progress feature in PHP 5.5 and measure the average time per size of the upload.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 男人必须洒脱 的文章《How to stop a oversize file upload while upload is》','https://www.manongdao.com/article-965153.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}