Peter Berg

Reputation: 6206

Prevent user from uploading large files to server

I'm concerned that someone could cause our server to crash by uploading a very large file to it -- say, 10 gigabytes or more.

Currently, I have a JavaScript limit set at 10 MB, and I also check the size of the file on the server before writing it. That being said, the JavaScript limit could be easily bypassed by an attacker and the check on the server comes too late -- after the file has been uploaded.

So how could I prevent someone from uploading large files? I'm using Rails, nginx and unicorn.

Edit:

In the course of writing this question, I saw some other SO questions in the pop-up concerning an nginx setting called client_max_body_size. I'm assuming that simply by setting this I can automatically reject requests from the client over a certain size. Could somebody confirm this?

Upvotes: 3

Views: 943

Answers (1)

pearlshareteam

Reputation: 156

Yeah, set the max client size in your nginx config. The request will fail with code 413 if too large. Check out the nginx docs for more details.

Edit: Make sure you restart nginx to use the new settings; a command like 'sudo nginx -s reload' would do the trick.

Upvotes: 2
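
A configuration sketch of the setting discussed above, added here as an example and not taken from either post. The server name, the /uploads path and the unicorn socket path are placeholders; the 10 MB figure is the limit mentioned in the question.

```nginx
# Constructed example. Placeholders: example.com, /uploads, the socket path.
events {}

http {
    # Default for every request. 1m is also nginx's built-in default;
    # stating it explicitly documents the intent. Do not set 0 here:
    # 0 disables the body size check entirely.
    client_max_body_size 1m;

    upstream app {
        # unicorn listening on a unix socket (placeholder path)
        server unix:/path/to/unicorn.sock fail_timeout=0;
    }

    server {
        listen 80;
        server_name example.com;

        # Raise the limit only where uploads are expected. A request whose
        # Content-Length exceeds it is answered with 413 by nginx and is
        # never handed to the Rails app.
        location /uploads {
            client_max_body_size 10m;
            proxy_pass http://app;
        }

        # Everything else inherits the 1m limit from the http block.
        location / {
            proxy_pass http://app;
        }
    }
}
```

Running `sudo nginx -t` before the reload checks the file for syntax errors, so a typo in the directive does not take the running server down. The size check in the Rails app is still worth keeping as a second layer for requests that reach it by another route.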
