irigsoft Posted January 26, 2023 Share Posted January 26, 2023 Hello. I use this procedure to control the size of uploaded files by monitoring ARequestInfo.ContentLength in the UniGUIServerModuleHTTPCommand, but if the file is larger than my size, I want the session to close and the upload to abort. But this does not happen. var contentLength : Int64; begin contentLength := 2000; //read from file with settings If ARequestInfo.HasContentLength then begin if ARequestInfo.ContentLength > contentLength then begin AResponseInfo.ContentText := '<h1>BIG Content</h1>'; Handled := True; AResponseInfo.CloseSession; AResponseInfo.CloseConnection:=true; try UniServerModule.Lock; UniServerModule.Logger.AddLog ('HTMLSysLog',FormatDateTime ('dd.MM.yyyy HH:mm:ss',Now) + ' : ' + ' BIG Post.ContentLength: ' + IntToStr (ARequestInfo.ContentLength) + 'IP: ' + ARequestInfo.RemoteIP + ', URI: ' + ARequestInfo.URI + ', COMMAND: ' + ARequestInfo.Command ,'HtmlLog'); finally UniServerModule.UnLock; end; exit; end; end; What do I need to do to be able to block file uploads ? I want to close session and stop uploading file, not limit MaxAllowedSize ! here is a test project: FileUpload.zip Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 26, 2023 Share Posted January 26, 2023 Hello, Why exactly here and close the session? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 26, 2023 Author Share Posted January 26, 2023 20 minutes ago, Sherzod said: Hello, Why exactly here and close the session? for security reasons. I am trying to protect the StandAlone server (from hackers) when uploading files If someone tries to upload files larger than enabled by me (in my settings) then I want to close the session and stop the upload. In some of my designs I give rights to the user to upload files using uniFileUpload components, but in others they will be able to do so via the API, and I also want to prevent cases where someone tries to illegally upload files to a physical server (in case my security to be breached for any reason) Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 27, 2023 Author Share Posted January 27, 2023 16 hours ago, Sherzod said: Hello, Why exactly here and close the session? Hello. Is there a way to know if client use UploadFile or send HTML request in UniGUIServerModuleHTTPCommand. Is it possible to set variable value on UniFileUploadExecute ? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.