On May 24, 5:04 pm, laspal <amit.las...@gmail.com> wrote:
> Hi,
>  How to restrict the size of file being uploaded. I am using django
> 1.1 with apache. Can I use apache for this and show some html error
> page if say size is bigger then 100MB.
> I can use LimitRequestBody for restricting the file size in apache,
> My problem is I wanted to show some error page if size is bigger then
> 100MB before the file is actually uploaded.

Technically one should be able to use LimitRequestBody and rely on 100-
continue feature of HTTP/1.1.

What this means is that the browser will send a header:

  Expect: 100-continue

along with the content length of the request body, but will not
actually send the request body until it gets back a 100 response
status from the server to say it can keep going and send the request
content. Instead of that 100 status, the server could instead return a
413 response status to indicate request entity too large, along with
error page. Seeing this, the browser would abort and not actually send
the request content.

All good in theory. The problem though is that the only commonly used
browser that actually supports 100-continue is Opera.

What this means is that all other browsers will always send the
request content.

Thus, even if you were to use LimitRequestBody to send back a 413
response status and error page, you cant avoid those browsers sending
the request content.

Thus, as Marcus says, the only portable way one can do it to avoid
browser sending the large request content is to use some JavaScript to
enforce the upload limit. This though is a Clayton's check as someone
could still side step that check an upload to the URL directly.

Now for another caveats.

The problem with LimitRequestBody directive in Apache is that for it
to work it relies on the specific Apache module handling the request
to check for it.

The mod_wsgi module does the check so it is okay, but mod_python
doesn't and my recollection is that scgi/fastcgi modules for Apache
don't either. Even mod_proxy may defer the check to the backend system
being proxied to.

That said, if you are using mod_wsgi, what you would do is:

  LimitRequestBody 104857600
  ErrorDocument 413 /err_413.html

Then either map with Alias directive '/err_413.html' to a custom
static error page, or in Django have a handler for that URL in urls.py
mapping to a handler which returns a custom error page warning of too
large an upload.

Remember though that although this returns the custom error page for
too large of an upload, whether a browser other than Opera actually
displays it will depend on how it handles a error page coming back
while it is still in the process of perform the initial upload. It
could be that the browser blocks and will not do anything else until
upload is complete, which may never occur as Apache will not actually
read the request content to consume it. When Apache closes the
connection after sending the error response, the browser may see that
as a broken connection and indicate that as an error on post, or it
may still read and process the error page and use it instead.

Uploads are quite a problematic area and not just because of the
above. Another factor that can change things is whether a nginx/
lighttpd proxy front end is used to Apache.

Hope that explains things clearly.

Graham

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to