views:

772

answers:

4

Does anyone know a good solution to limit the file upload size when running a Rails application with Passenger/mod_rails. The request should immediately be declined, so that the file doesn't get transferred to the server.

The solutions I've found so far all describe how to patch Mongrel to implement a limitation, but I have to use passenger with this application.

+2  A: 

You may cap the upload size via Apache using the LimitRequestBody directive:

<Directory "/var/www">
    LimitRequestBody 1024
</Directory>

http://httpd.apache.org/docs/1.3/mod/core.html#limitrequestbody

meagar
this is a possible solution. the problem here is that apache just quits the connection and because of that it is not possible to show an error page
Mato
+1  A: 

Or if you're using nginx with passenger, add in the server block:

server {
  client_max_body_size 100M;
}

http://wiki.nginx.org/NginxHttpCoreModule#client_max_body_size

Jack Chu
I'm using apache, but thank you anyway
Mato
A: 

Unfortunately, I don't think you can do what you want across all browsers. It sounds like you want client side validation of the file size of the file. The server certainly cannot validate it before it is uploaded since it's not accessible to the server.

I've read that you can do it via ActiveX for IE, but I wouldn't recommend using or relying on ActiveX.

As of Firefox 3.6, there is support for the WC3 FileApi which would let the browser access the file size using javascript. There are also guides here and here.

It's not ideal, but Firefox does have a good deal of marketshare now. So, for now, maybe this is one approach you could take.

Jack Chu
A: 

You could use a Flash Application to upload the file. With the FileReference Class you can check the file size before the upload.

Mark Kessler