Project

General

Profile

Actions

Feature #2914

closed

Add check for temp upload directory size and terminate connection is un-available

Added by saulwold about 6 years ago. Updated about 6 years ago.

Status:
Invalid
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

Add a check on a POST request to ensure there is enough space in the temporary directory structure for the requested content length.

See attached patch for a possible solution.


Files

Actions #1

Updated by gstrauss about 6 years ago

  • Status changed from New to Invalid

Presumably you're going to consume the POST body, so if you're concerned about size, then please consider
server.stream-request-body = 2
so that you avoid storing temporary files. Your backend script which processes the POST body can then check is there is sufficient space or not, and can reject the request if it pleases.

You could also have a cron job which checks disk space every 5 or 10 mins and sends you an email (or reconfigures lighttpd to reject requests) if free disk space falls below a predetermined value.

What problem(s) are you actually trying to solve?

BTW, lighttpd supports POST with Transfer-Encoding: chunked, so you will not necessarily know the size of every POST request body. Your patch can not handle such a case.

Lastly, and a sufficient reason to reject this patch, is that reading the request body can be done by a backend script based on any number of factors (such as authenticated user or origin IP address) if server.stream-request-body = 2 (or 1), and the backend script can send an appropriate response if the script does not want to accept the request body, including whether or not there is enough disk space (if the backend script checks). Your patch removes the ability for a backend script to make the decision whether or not to accept the supplied request body.

Actions

Also available in: Atom