to fix this issue in Linux with apache add the following to .htaccess:
LimitRequestLine 2147483648
I'm writing the explanation and will post when finished....it's a little lengthy like the first post
as a added measure I added this entry to each .htaccess in DFH
- It is currently Sat Nov 23, 2024 2:03 pm
-- "You didn't pick a file to upload" Allow larger uploads--
32 posts
• Page 4 of 4 • 1, 2, 3, 4
Re: -- "You didn't pick a file to upload" Allow larger uploa
by Black Phoenyx » Fri May 23, 2014 3:26 am
-
Black Phoenyx 
- Posts: 4
- Joined: Tue May 20, 2014 8:52 am
Re: -- "You didn't pick a file to upload" Allow larger uploa
by Black Phoenyx » Fri May 23, 2014 5:30 am
Factors causing this issue:
Internet Explorer, Mozilla firefox, Google Chrome, Opera, etc --- IIS & Apache….simply put don't really like each other all too well
Uploading very large files from "smart" browsers (which almost all are considered today) can trigger defense mechanisms that are now built in to them...basically unusually large uncommon files are seen as potential attacks through the browser, but not always.
But it isn't that simple either...they also speak the same language but have "selective hearing" so to speak...http headers are "funny" that way
Examples from remote client browsers:
Mozilla headers look like this:
POST /content-length-test.htm HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) Gecko/20060909 Firefox/1.5.0.7
Content-Type: multipart/form-data;
boundary=---------------------------28146504217367
Content-Length: -1618952669
IIS doesn't know what "Content-Length: - 1618952669" means and will answer the header with "Bad request"
Internet Explorer http headers look like this:
POST /upload/Upload-Progress HTTP/1 1
Referer: http://somedomain/upload/upload-Progress
User-Agent: Mozilla/4 0 (compatible; MSIE 8 0; Windows NT 6 1; Win64; x64; Trident/4 0; NET CLR 2 0 50727; SLCC2)
Content-Type: multipart/form-data; boundary=---------------------------7da3dd296066e
UA-CPU: AMD64
Content-Length: -1618952669
IIS and Apache understand the header but will simply count content-length of the upload in 32bit signed integers so the results from both browsers headers in these test cases are unusable and will render a "Bad request"
However, what generally affects Apache the most in file uploads is the memory consumption rate and how long the "httpd process" stays up...the latter limits the number of requests httpd can handle and their allowed sizes.
Apache by default is set to allow unlimited upload size and lets the client side browser do the size restricting (which in most cases is generally 2GB but sometimes 4GB) and the default setting for "LimitRequestBody" and “LimitRequestLine” directives is "0" (meaning unlimited) but with large files "causing anxiety" towards the potential of an attack the client side "smart" browser will trigger the server side of things to look at the content-length incorrectly in addition to the web servers themselves misinterpreting it in most cases.
So to remedy this issue without having access to httpd.config file on an Apache web server we must add the entries into the .htaccess file to force apache to compare the requestbody and requestline to a predefined limit as opposed to the defaults so that it basically looks at the file and compares it to the set limit and says “yes it is within my limits and I will accept it”
To correct my previous post above…2 entries must be made into the .htaccess file:
LimitRequestLine 2147483648
LimitRequestBody 2147483647
Notice that the entries are of different values...requestbody is just shy of the 2GB limit (max allowed for Apache)
With these settings in place I was able to stress test an Apache server with 650 - 1.5GB files from remote client machines simultaneously uploading to the server without any issues.
Also keep in mind the php.ini settings from my previous post must be set as well.
Sorry if this seems long winded I try to make my answers as understandable and informational as possible.
Internet Explorer, Mozilla firefox, Google Chrome, Opera, etc --- IIS & Apache….simply put don't really like each other all too well
Uploading very large files from "smart" browsers (which almost all are considered today) can trigger defense mechanisms that are now built in to them...basically unusually large uncommon files are seen as potential attacks through the browser, but not always.
But it isn't that simple either...they also speak the same language but have "selective hearing" so to speak...http headers are "funny" that way
Examples from remote client browsers:
Mozilla headers look like this:
POST /content-length-test.htm HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) Gecko/20060909 Firefox/1.5.0.7
Content-Type: multipart/form-data;
boundary=---------------------------28146504217367
Content-Length: -1618952669
IIS doesn't know what "Content-Length: - 1618952669" means and will answer the header with "Bad request"
Internet Explorer http headers look like this:
POST /upload/Upload-Progress HTTP/1 1
Referer: http://somedomain/upload/upload-Progress
User-Agent: Mozilla/4 0 (compatible; MSIE 8 0; Windows NT 6 1; Win64; x64; Trident/4 0; NET CLR 2 0 50727; SLCC2)
Content-Type: multipart/form-data; boundary=---------------------------7da3dd296066e
UA-CPU: AMD64
Content-Length: -1618952669
IIS and Apache understand the header but will simply count content-length of the upload in 32bit signed integers so the results from both browsers headers in these test cases are unusable and will render a "Bad request"
However, what generally affects Apache the most in file uploads is the memory consumption rate and how long the "httpd process" stays up...the latter limits the number of requests httpd can handle and their allowed sizes.
Apache by default is set to allow unlimited upload size and lets the client side browser do the size restricting (which in most cases is generally 2GB but sometimes 4GB) and the default setting for "LimitRequestBody" and “LimitRequestLine” directives is "0" (meaning unlimited) but with large files "causing anxiety" towards the potential of an attack the client side "smart" browser will trigger the server side of things to look at the content-length incorrectly in addition to the web servers themselves misinterpreting it in most cases.
So to remedy this issue without having access to httpd.config file on an Apache web server we must add the entries into the .htaccess file to force apache to compare the requestbody and requestline to a predefined limit as opposed to the defaults so that it basically looks at the file and compares it to the set limit and says “yes it is within my limits and I will accept it”
To correct my previous post above…2 entries must be made into the .htaccess file:
LimitRequestLine 2147483648
LimitRequestBody 2147483647
Notice that the entries are of different values...requestbody is just shy of the 2GB limit (max allowed for Apache)
With these settings in place I was able to stress test an Apache server with 650 - 1.5GB files from remote client machines simultaneously uploading to the server without any issues.
Also keep in mind the php.ini settings from my previous post must be set as well.
Sorry if this seems long winded I try to make my answers as understandable and informational as possible.
-
Black Phoenyx - Posts: 4
- Joined: Tue May 20, 2014 8:52 am
32 posts
• Page 4 of 4 • 1, 2, 3, 4
Return to Daddy's File Host v1.X
Who is online
Users browsing this forum: No registered users and 6 guests