Project

General

Profile

Feature #2914

Add check for temp upload directory size and terminate connection is un-available

Added by saulwold 2 months ago. Updated 2 months ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2018-10-08
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

Add a check on a POST request to ensure there is enough space in the temporary directory structure for the requested content length.

See attached patch for a possible solution.

History

#1

Updated by gstrauss 2 months ago

  • Status changed from New to Invalid

Presumably you're going to consume the POST body, so if you're concerned about size, then please consider
server.stream-request-body = 2
so that you avoid storing temporary files. Your backend script which processes the POST body can then check is there is sufficient space or not, and can reject the request if it pleases.

You could also have a cron job which checks disk space every 5 or 10 mins and sends you an email (or reconfigures lighttpd to reject requests) if free disk space falls below a predetermined value.

What problem(s) are you actually trying to solve?

BTW, lighttpd supports POST with Transfer-Encoding: chunked, so you will not necessarily know the size of every POST request body. Your patch can not handle such a case.

Lastly, and a sufficient reason to reject this patch, is that reading the request body can be done by a backend script based on any number of factors (such as authenticated user or origin IP address) if server.stream-request-body = 2 (or 1), and the backend script can send an appropriate response if the script does not want to accept the request body, including whether or not there is enough disk space (if the backend script checks). Your patch removes the ability for a backend script to make the decision whether or not to accept the supplied request body.

Also available in: Atom