阻止用户将大文件上传到服务器
[英]Prevent user from uploading large files to server
问题描述
I'm concerned that someone could cause our server to crash by uploading a very large file to it -- say, 10 gigabytes or more. 
我担心有人通过将非常大的文件(例如10 GB或更多)上传到服务器而导致服务器崩溃。
Currently, I have a javascript limit set at 10mb, and I also check the size of the file on the server before writing it. 目前,我将javascript限制设置为10mb,并且在写入文件之前,我还要检查服务器上文件的大小。 That being said, the javascript limit could be easily by-passed by an attacker and the check on the server comes too late -- after the file has been uploaded. 话虽这么说,攻击者可以轻易绕过javascript限制,并且在文件上传后,对服务器的检查为时已晚。
So how could I prevent someone from uploading large files? 那么,如何防止某人上传大文件? I'm using rails, nginx and unicorn. 我正在使用rails,nginx和unicorn。
Edit: 编辑:
In the course of writing this question, I saw some other SO questions on the pop up concerning an nginx setting called client_max_body_size . 在编写此问题的过程中,我在弹出窗口中看到了一些其他的SO问题,涉及一个名为client_max_body_size的Nginx设置。 I'm assuming that simply by setting this I can automatically reject requests from the client over a certain size. 我假设只需设置此选项,我就可以自动拒绝来自特定大小的客户端请求。 Could somebody confirm this? 有人可以确认吗?
1 个解决方案
解决方案1
2 已采纳 2014-01-23 16:48:10
Yeah, set the max client size in your nginx config. 是的,在您的nginx配置中设置最大客户端大小。 The request will fail with code 413 if too large. 如果太大,请求将失败,并显示代码413。 Check out the nginx docs for more details. 查看nginx文档以获取更多详细信息。
Edit: Make sure you restart nginx to use the new settings, a command like 'sudo nginx -s reload' would do the trick. 编辑:确保重新启动nginx以使用新设置,像“ sudo nginx -s reload”这样的命令将解决问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.