How do you limit the upload of large files in WSGI?

I am trying to figure out how to best handle files safely in a WSGI application. It looks like many solutions include using FieldStorage from the cgi module to parse form data. From what I understand of FieldStorage, it does a bit of magic behind the scenes, passing data to a temp file.

What I'm not 100% clear on is how to reject a request with a file that exceeds a specified size (say, 10 MB). If someone uploads a file several GB in size, you obviously want to block the request before it chews through the disk space on your server, right?

What is the best way to limit file uploads in a WSGI application?

+4
2 answers

This will depend on your external server. If it has any configuration to block a large request even before it enters your application, use it.

If you want to block this with code, I see two approaches:

  • Check the Content-Length HTTP header. If it is more than you can handle, immediately reject the request.
  • Do not trust the headers and start reading the body of the request until you reach your limit. Please note that this is not a very smart way, but it may work. =)

If you trust the HTTP header, you may run into some problems. Suppose someone sends a request with Content-Length: 1024, but sends a 1 GB request body. If your front-end server trusts the header, it will start reading this request and later find out that the request body is actually much larger than it should be. This situation can still fill your server disk, even though it is a request that "passes" the size verification.

Although this may happen, I think that trusting the header would be a good starting point.

+3
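
An added example, not part of the original answers: a WSGI middleware that combines both approaches from the answer above, rejecting on the declared Content-Length first and then capping the actual reads from `wsgi.input` in case the header understates the body. The names `limit_body`, `CappedInput`, `echo_size_app` and `status_for` are hypothetical, the sample requests are constructed, and the wrapped application is assumed to read the body before it calls `start_response`.

```python
import io

class BodyTooLarge(Exception): pass

class CappedInput:  # wsgi.input wrapper that hands out at most `limit` bytes
    def __init__(self, stream, limit):
        self.stream, self.remaining = stream, limit
    def _pull(self, reader, size):
        cap = self.remaining + 1  # one byte past the budget detects overflow
        size = cap if size is None or size < 0 else min(size, cap)
        data = reader(size)
        self.remaining -= len(data)
        if self.remaining < 0:
            raise BodyTooLarge()
        return data
    def read(self, size=-1):
        return self._pull(self.stream.read, size)
    def readline(self, size=-1):
        return self._pull(self.stream.readline, size)

def _reject(start_response, status):
    start_response(status, [("Content-Type", "text/plain")])
    return [status.encode("ascii")]

def limit_body(app, max_bytes):
    """Assumption: `app` reads the body before it calls start_response."""
    def middleware(environ, start_response):
        declared = environ.get("CONTENT_LENGTH") or "0"
        if not declared.isdecimal():
            return _reject(start_response, "400 Bad Request")
        if int(declared) > max_bytes:  # cheap check: header only, no body read
            return _reject(start_response, "413 Payload Too Large")
        environ["wsgi.input"] = CappedInput(environ["wsgi.input"], max_bytes)
        try:  # the header may understate the body, so reads are capped too
            return app(environ, start_response)
        except BodyTooLarge:
            return _reject(start_response, "413 Payload Too Large")
    return middleware

def echo_size_app(environ, start_response):  # constructed sample application
    size = len(environ["wsgi.input"].read())
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [str(size).encode()]

def status_for(body, declared, max_bytes=10):  # constructed sample request
    seen = []
    environ = {"CONTENT_LENGTH": declared, "wsgi.input": io.BytesIO(body)}
    limit_body(echo_size_app, max_bytes)(environ, lambda s, h: seen.append(s))
    return seen[0]
```

Because the wrapper never requests more than one byte beyond the remaining budget, an oversized body is detected without being buffered in memory or spooled to disk by the application.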

You can use the features of the HTTP server, which you probably have in front of the WSGI application. For example, lighttpd has many options for generating traffic.

0

Source: https://habr.com/ru/post/1392451/

