Roundup Tracker - Issues

Message7735

Author rouilj
Recipients rouilj
Date 2023-02-27.14:29:32
Message-id <1677508172.53.0.632192334998.issue2551266@roundup.psfhosted.org>
In-reply-to
With the cgi module you can limit the size of a POST request used for uploading files.

   import cgi

   # Maximum input we will accept when REQUEST_METHOD is POST
   # 0 ==> unlimited input
   cgi.maxlen = 10 * 1024 * 1024 # 10MB

(https://webpy.org/cookbook/limiting_upload_size)

If there is just one file uploaded, this places a maximum size limit
on the file. Roundup can attach multiple files in one POST request.
So this isn't really useful for limiting the attached file size.
An auditor is a better choice to limit attached file size.

However this can be a good defense against a DOS attack for large POST
requests that try to eat all the disk space or memory while handling
the POST.

I suggest adding the setting to the [web] section of the configuration
file. Default value of 0 (no limit, same as current). I think megabyte
units make sense for this. Make value a floating point number, so you
can express kb, bytes etc. if needed. Value is converted to bytes for
use internally.
History
Date User Action Args
2023-02-27 14:29:32rouiljsetrecipients: + rouilj
2023-02-27 14:29:32rouiljsetmessageid: <1677508172.53.0.632192334998.issue2551266@roundup.psfhosted.org>
2023-02-27 14:29:32rouiljlinkissue2551266 messages
2023-02-27 14:29:32rouiljcreate