[Mongrel] Limit Request Body Size (Disallow very large File-uploads)

gollomm gollomm at gmail.com
Fri Jun 12 13:32:13 EDT 2009


On Fri, Jun 12, 2009 at 12:40 PM, Kirk Haines<wyhaines at gmail.com> wrote:
> Look at http_request.rb.
>
> Mongrel already has a limit to the length of the headers that it will
> accept, so you are covered there.  If you look at
> HttpRequest#initialize, there is a "remain" variable that is set to
> the content length of the body of the request.
>
> You could simply insert a check there.  If it's too high, bail out
> right there and throw back whatever error response you deem
> appropriate.
>
> It could be a 400, but it's probably better if it is a 413 Request
> Entity Too Large.

Oh, I did that already. I had mongrel sending an error to the client,
when I realized that when that check is performed the provided file
(for upload) is stored on server side already. Instead, I'd like to do
something before all that. For processing the content_length, and the
remain variable respectively, the file has to be in its entirety on
the server. I'd like mongrel to abort processing the request body if
the HTTP header 'Content-Length' reports it'll be too large anyways.
What I'd like to do is checking the 'Content-Length' (something fast)
and bail out appropriately...

The most challenging part here is to figure out at what point mongrel
has access to the request's HTTP headers but has not begun processing
the request body in any way.

There is 'request_begins' for HttpHandlers, but providing code in
there never seems to be executed. Maybe I'd need some configuration
changes for handlers to be run or something similar. But I have no
idea how I'd do so or where to find some documentation about it...

Thank you very much for the great help,
Severin


More information about the Mongrel-users mailing list