Jump to content

Problem with close session when Uploading Files

irigsoft

By irigsoft
in General

 Share

Recommended Posts

irigsoft Advanced Member

irigsoft

Posted
Posted

Hello.

I use this procedure to control the size of uploaded files by monitoring ARequestInfo.ContentLength in the UniGUIServerModuleHTTPCommand, but if the file is larger than my size, I want the session to close and the upload to abort.
But this does not happen.

 

var
  contentLength                         : Int64;
begin
      contentLength := 2000; //read from file with settings 
      If ARequestInfo.HasContentLength then begin
          if ARequestInfo.ContentLength > contentLength then begin
            AResponseInfo.ContentText := '<h1>BIG Content</h1>';
            Handled := True;
            AResponseInfo.CloseSession;
            AResponseInfo.CloseConnection:=true;

            try
            UniServerModule.Lock;
            UniServerModule.Logger.AddLog ('HTMLSysLog',FormatDateTime ('dd.MM.yyyy HH:mm:ss',Now) + ' : '
                                  + ' BIG Post.ContentLength: ' + IntToStr (ARequestInfo.ContentLength) + 'IP: ' + ARequestInfo.RemoteIP
                                  + ', URI: ' + ARequestInfo.URI
                                  + ', COMMAND: ' + ARequestInfo.Command
                              ,'HtmlLog');

            finally
              UniServerModule.UnLock;
            end;

            exit;
          end;
      end;
 

What do I need to do to be able to block file uploads ?

I want to close session and stop uploading file, not limit MaxAllowedSize !

here is a test project:

FileUpload.zip

Link to comment
Share on other sites
  • irigsoft changed the title to Problem with close session when Uploading Files
irigsoft Advanced Member

irigsoft

Posted
  • Author
Posted
20 minutes ago, Sherzod said:

Hello, 

Why exactly here and close the session?

for security reasons.

I am trying to protect the StandAlone server (from hackers) when uploading files

If someone tries to upload files larger than enabled by me (in my settings) then I want to close the session and stop the upload.

In some of my designs I give rights to the user to upload files using uniFileUpload components, but in others they will be able to do so via the API, and I also want to prevent cases where someone tries to illegally upload files to a physical server (in case my security to be breached for any reason)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...