> This kind of attack can occur on any web page, not just Apache::ASP files. There is >probably some Apache settings > to allow file uploads only to specific directories. Joshua?
To limit the file upload size that Apache::ASP will handle, use PerlSetVar FileUploadMax 50000 To limit this at the Apache level, one can use: LimitRequestBody 50000 but this latter method will be generic to POST handling. If you never want to handle POST form handling, then you might get away with LimitRequestBody 0, but I don't know if that would work. I know my POST forms are never that big, so I might do LimitRequestBody 10000 if I wanted to protect my scripts from arbitrary file upload requests. -- Josh _________________________________________________________________ Joshua Chamas Chamas Enterprises Inc. NodeWorks Founder Huntington Beach, CA USA http://www.nodeworks.com 1-714-625-4051 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
