10

Does anyone know a good solution to limit the file upload size when running a Rails application with Passenger/mod_rails. The request should immediately be declined, so that the file doesn't get transferred to the server.

The solutions I've found so far all describe how to patch Mongrel to implement a limitation, but I have to use passenger with this application.

sth
  • 222,467
  • 53
  • 283
  • 367
Mato
  • 830
  • 2
  • 9
  • 21

3 Answers3

21

Or if you're using nginx with passenger, add in the server block:

server {
  client_max_body_size 100M;
}

http://wiki.nginx.org/NginxHttpCoreModule#client_max_body_size

Jack Chu
  • 6,791
  • 4
  • 38
  • 44
10

You may cap the upload size via Apache using the LimitRequestBody directive:

<Directory "/var/www">
    LimitRequestBody 1024
</Directory>

http://httpd.apache.org/docs/1.3/mod/core.html#limitrequestbody

user229044
  • 232,980
  • 40
  • 330
  • 338
  • this is a possible solution. the problem here is that apache just quits the connection and because of that it is not possible to show an error page – Mato Feb 05 '10 at 09:31
  • Yeah, this is server side validation and is used for security purposes. You should probably use a script on the client side so that non-malicious users will be notified on the spot. If you are using a plugin like `dropzone` it's as easy as setting the `maxFilesize` – AturSams Jul 15 '14 at 14:16
7

You can use following javascript to notify user that the selected file exceeds maximum limit. But still its essential to have server side validation.

$('#id_of_input_file_field').change(function() {
  if(this.files[0].size > MAX_LIMIT_FOR_FILE){
    $('#id_of_input_file_field').val(''); 
    alert('File exceeds maximum size limit ')
}
});

MAX_LIMIT_FOR_FILE is in byte so if you want set max limit of 1Mb then value of MAX_LIMIT_FOR_FILE should be 1048576

wiseland
  • 1,010
  • 9
  • 16
pratik
  • 71
  • 1
  • 3