Yoav's recollection of the spec is correct. There is nothing in the headers indicating a size. So you need to read in the entire request to determine you've gone over a limit. And even if you could keep track of bytes/chunks "as they come in"... you've still wasted all that bandwidth up to that point, if indeed the user goes over the limit. I think you're down to client-side tools. Perhaps an applet with some nice drag and drop features. It would keep track of file size either 'real time' or during the preparation phase of submitting the file(s).. and would warn the user *before* sending a single byte that they were over the limit.
> -----Original Message----- > From: Grim [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 12, 2004 9:41 AM > To: 'Tomcat Users List' > Subject: RE: Limiting POST sizes to save bandwidth > > > Hi Yoav > > Thanks for the reply. But yeah, those settings take place > after the upload, they seem to be used for preventing large > files being written to disk or controlling how large a file > should be before being stored temporarily to disk. > > Maybe something there's something that could keep track of > how many chunks or how much data has been sent by the client, > forcing an error after a limit? I just imagine there must be > some way to prevent this sort of thing... > > Brad Gorman > > -----Original Message----- > From: Shapira, Yoav [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 12, 2004 11:26 PM > To: Tomcat Users List > Subject: RE: Limiting POST sizes to save bandwidth > > > Howdy, > I'm not an expert on fileupload, but did you see the > "Exercising More Control" section of > http://jakarta.apache.org/commons/fileupload/using.html? > It has a setting to limit the size. I don't know if that > takes affect before/after/during the upload. IIRC (it's been > a while), the server can't know the full upload file size > until the upload is done, because the transfer is chunked and > there's no initial header with the total size. > > Yoav Shapira > Millennium ChemInformatics > > > >-----Original Message----- > >From: Grim [mailto:[EMAIL PROTECTED] > >Sent: Thursday, February 12, 2004 10:17 AM > >To: [EMAIL PROTECTED] > >Subject: Limiting POST sizes to save bandwidth > > > >Hi > > > >I'm sorry if I'm asking this in the wrong place, but I'm not > sure where > my > >problem is actually occuring, I thought Tomcat itself might > be able to > >help. > > > >I'm trying to build an app that allows users to upload files to the > >webserver. > >My problem is I need to prevent them uploading large (more than a few > MB) > >files, which will waste both their bandwidth and mine. I'm using > Jakarta > >Commons FileUpload (http://jakarta.apache.org/commons/fileupload/) to > parse > >the multipart form, but it can't seem to prevent the end-users > uploading > >large files. The user sends the large file and then once > it's finished, > >FileUpload will display the error. But the user still wasted > all that > >bandwidth. I even tried just throwing an exception straight > away on the > JSP > >page the form submits to, but the file is still sent. > > > >I tried placing a maxPostSize="2000000" in my server.xml Connector on > port > >8080. This didn't seem to have any effect though, even after > restarting > >Tomcat. > > > >I'm using Tomcat 5.0.16 in standalone mode, port 8080. > > > >If anyone has any suggestions on how I can prevent the waste of > bandwidth > >(and possible DoS attacks) please let me know. > > > >Thanks > >Brad Gorman > > > > > > > > > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > This e-mail, including any attachments, is a confidential > business communication, and may contain information that is > confidential, proprietary and/or privileged. This e-mail is > intended only for the individual(s) to whom it is addressed, > and may not be saved, copied, printed, disclosed or used by > anyone else. If you are not the(an) intended recipient, > please immediately delete this e-mail from your computer > system and notify the sender. Thank you. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
