Re: [webmin-l] Restricting file upload size

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Dave,<br />Yes, this has been fixed for a few versions now ..<br /><br />=A0- Jamie<br /><br />On 27/Nov/2006 12:42 Dave Isaacs wrote ..
<blockquote type=3D"cite">

<p><font size=3D"2">Jamie,</font>
</p>

<p><font size=3D"2">Almost a year ago I posted this question about restricting file upload size.=A0 At the time you admitted to some miniserv.pl limitations and said that you would take care of this.=A0 </font></p>

<p><font size=3D"2">Have you?=A0 If yes, great!=A0 If not, any estimates on when this can get in?</font>
</p>

<p><font size=3D"2">Thanks</font>
</p>

<p><font size=3D"2">Dave I</font>
</p>

<p><font size=3D"2">From: Jamie Cameron &lt;jca...@we...&gt;</font>
<br /><font size=3D"2">To: web...@li...</font>
<br /><font size=3D"2">Reply-To: web...@li...</font>
<br /><font size=3D"2">Date: Feb 10 2006 - 6:38pm</font>
</p>

On 11/Feb/2006 03:19 Dave Isaacs wrote ..
 &gt; My experience shows that this does not work.
 &gt;
 &gt; I put a 1000000 limit in my call to ReadParseMime then attempted to upload
 &gt; a
 &gt; 1GB file. Using top, I watched the miniserv.pl process climb to about
 &gt; 600MB
 &gt; before crashing. ReadParseMime was never called because my module was
 &gt; never
 &gt; invoked.
 &gt;
 &gt; If I look at miniserv.pl, at around line 1740, I see
 &gt;
 &gt; $clen =3D $header{&quot;content-length&quot;};
 &gt; if ($method eq &quot;POST&quot; &amp;&amp; $clen_read &lt; $clen) {
 &gt; # Still some more POST data to read
 &gt; while(length($postinput) &lt; $clen) {
 &gt; $buf =3D &amp;read_data($clen - length($postinput));
 &gt; if (!length($buf)) {
 &gt; &amp;http_error(500, &quot;Failed to read &quot;.
 &gt; &quot;POST request&quot;);
 &gt; }
 &gt; $postinput .=3D $buf;
 &gt; }
 &gt; }
 &gt;
 &gt; This looks an awful lot like reading in the entire file upload. As a test,
 &gt; I wrote the length($postinput) value to a log file (right before the call
 &gt; to
 &gt; read_data) and found that miniserv.pl was looping in an attempt to read
 &gt; the
 &gt; entire file upload.

Hi Dave,
 You are absolutely correct .. Webmin really does the whole posted input into
 memory! Sorry, I totally forgot about that..

&gt; Then I stumbled upon the forkcgis configuration setting, which appears
 &gt; to
 &gt; switch on a alternative method of invoking the webmin modules. This method
 &gt; has miniserv.pl forwarding the file upload to the forked process as it
 &gt; is
 &gt; received. Unfortunately, this does not work either. Now when I upload
 &gt; a
 &gt; large file, something goes wrong and there is never a response. The log
 &gt; messages I put in the miniserv loop shows that about 7500 bytes are read
 &gt; in,
 &gt; and then everything stops. Although this is better than crashing the
 &gt; server, it is still not correct.

I looked into this too, and found that Webmin is currently terminating the
 browser connection if the uploaded data is more than the set limit. Unfortunately,
 no browsers take kindly to this, and display an error message about the connection
 being closed.

<p><font size=3D"2">In the next release of Webmin, it will handle this better by reading all the data</font>
<br /><font size=3D"2">submitted by the browser, but not actually storing it in memory if the limit is exceeded.</font>
<br /><font size=3D"2">That is not quite ideal, but still better than the current situation.</font>
</p>

<p><font size=3D"2">- Jamie</font>
</p>

</blockquote><br />

Re: [webmin-l] Restricting file upload size

A web-based interface for system administration of UNIX

Re: [webmin-l] Restricting file upload size