Howdy, I'm not an expert on fileupload, but did you see the "Exercising More Control" section of http://jakarta.apache.org/commons/fileupload/using.html? It has a setting to limit the size. I don't know if that takes affect before/after/during the upload. IIRC (it's been a while), the server can't know the full upload file size until the upload is done, because the transfer is chunked and there's no initial header with the total size.
Yoav Shapira Millennium ChemInformatics >-----Original Message----- >From: Grim [mailto:[EMAIL PROTECTED] >Sent: Thursday, February 12, 2004 10:17 AM >To: [EMAIL PROTECTED] >Subject: Limiting POST sizes to save bandwidth > >Hi > >I'm sorry if I'm asking this in the wrong place, but I'm not sure where my >problem is actually occuring, I thought Tomcat itself might be able to >help. > >I'm trying to build an app that allows users to upload files to the >webserver. >My problem is I need to prevent them uploading large (more than a few MB) >files, which will waste both their bandwidth and mine. I'm using Jakarta >Commons FileUpload (http://jakarta.apache.org/commons/fileupload/) to parse >the multipart form, but it can't seem to prevent the end-users uploading >large files. The user sends the large file and then once it's finished, >FileUpload will display the error. But the user still wasted all that >bandwidth. I even tried just throwing an exception straight away on the JSP >page the form submits to, but the file is still sent. > >I tried placing a maxPostSize="2000000" in my server.xml Connector on port >8080. This didn't seem to have any effect though, even after restarting >Tomcat. > >I'm using Tomcat 5.0.16 in standalone mode, port 8080. > >If anyone has any suggestions on how I can prevent the waste of bandwidth >(and possible DoS attacks) please let me know. > >Thanks >Brad Gorman > > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
