views:

234

answers:

1

I'm working on a PHP webapp that accepts large POSTed file uploads from specific clients and would like to accept or reject these uploads (based on various headers and other factors, not just size) before the file is uploaded by using HTTP/1.1 100 Continue.

Some quick background from HTTP/1.1 spec 8.2.3:

The purpose of the 100 (Continue) status (see section 10.1.1) is to allow a client that is sending a request message with a request body to determine if the origin server is willing to accept the request (based on the request headers) before the client sends the request body. In some cases, it might either be inappropriate or highly inefficient for the client to send the body if the server will reject the message without looking at the body.

The problem is that Apache sees the Expect: 100-continue from the client, returns a 100 Continue and accepts the file upload all before PHP begins processing... However I need PHP to begin processing immediately after the Expect: 100-continue. I'm not sure if this is possible so I have two questions:

  1. Is it possible to make PHP begin processing immediately after the Expect: 100-continue?
  2. If not, what is a good alternative?

I'm currently thinking of emulating 100 continue by specifying the client first send a HEAD request with the same headers as the POST. The webapp can then return a response to continue with the POST or an error code. Other suggestions are welcome!

A: 

Trying to do this on the HTTP level seems too difficult. It is important as a developer to not get hung up on a specific solution. The problem is you want to do a series of checks before you handle the upload. All you need to do is put a qualifying page before the upload. This qualifying page will only show them the upload form if they pass the series of checks and qualify. That is exactly what you are trying to do only you can do it in code PHP. If it is possible, the HTTP 100 thing will always require lots of additional configuration, thus creating a headache for support later on. If you do it in the code those that come behind you (or yourself in a couple of years) will be able to clearly understand what the app is doing.

Daniel Ice