Limiting the Upload Size

FileUp provides two different means for limiting the size of files or uploads that are written to your webserver in the MaxBytes and MaxBytesToCancelsettings.

If you look through the documentation, you will notice that MaxBytesand MaxBytesToCancel exist both as properties and as registry keys. You should only set either the properties or the keys, but not both. Knowing when to set the properties versus the registry keys is dependent on whether or not you are using the HttpModule. Because the HttpModule caches the request before any ASP.NET code is executed, the HttpModule must be informed of these settings via the registry.

Environment How to Set the Values
ASP Set values as FileUp Properties
ASP.NET, using the HttpModule Set values as Registry Keys
ASP.NET, without the HttpModule
(not recommended)		 Same as for ASP
MaxBytes: Limiting by Individual Files

The MaxBytes registry setting specifies the maximum number of bytes on a per file basis that the HttpModule will write to disk before passing on the request for further processing. This means that files will be truncated at the size specified in the MaxBytes setting. No errors will be raised by FileUp when this occurs. Setting this key to 0 disables MaxBytes, and this is the default value. When using ASP or ASP.NET without the HttpModule, use the MaxBytes property of the FileUp object. When using the HttpModule, you must use this registry setting instead, since the HttpModule processes the request before the ASP.NET script is executed.

MaxBytesToCancel: Cancelling the Request Based on its Size.

Specifies the maximum size in bytes of the entire Request before the HttpModule will abort the Request. Setting this key to 0 disables MaxBytesToCancel, and this is the default value. When using ASP or ASP.NET without the HttpModule, use the MaxBytesToCancel property of the FileUp object. When using the HttpModule, you must use this registry setting instead, since the HttpModule processes the request before the ASP.NET script is executed.

Making Size Limitations User-friendly

Both of these settings are stop-gap measures that can be employed to protect your webserver from certain types of attacks; however, used alone, they are not ideal for providing a user-friendly experience to legitimate users. The following suggestions might be employed to provide a better interaction with your end user:

C#
//--- Get a reference to the uploaded file field
SaFile file = (SaFile)fileUpload.Form["myFile"];

if(file != null)
{
if(!file.IsEmpty)
{
// --- The MaxBytes registry key has been set to 1025
// --- even though the actual desired cut-off is 1024
// --- This will help us avoid confusion between properly
// --- sized files and those that have been truncated
// --- because of the MaxBytes setting.

UInt64 total;
total = file.TotalBytes;

if(total > 1024)
{
// --- Delete the file from the webserver, because it's
// --- too large and most likely was truncated by the
// --- MaxBytes setting anyway.
file.Delete();
}
else
{
file.Save();
}
}
}
VB.NET
'--- Get a reference to the uploaded file field
Dim file As SaFile = CType(fileUpload.Form("myFile"), SaFile)

If Not (file Is Nothing) Then
If Not (file.IsEmpty) Then

'--- The MaxBytes registry key has been set to 1025
'--- even though the actual desired cut-off is 1024
'--- This will help us avoid confusion between properly
'--- sized files and those that have been truncated
'--- because of the MaxBytes setting.

Dim noMathNumber as UInt64
noMathNumber = file.TotalBytes

Dim number as Int64
'--- We know MaxBytes is cutting off files at 1025 bytes
'--- so I'm not worried about an overflow error
number = System.Convert.ToInt64(noMathNumber)

If (number > 1024) then
'--- Delete the file from the webserver, because it's
'--- too large and most likely was truncated by the
'--- MaxBytes setting anyway.
file.Delete
Else
file.Save()
End If
End If
End If

Top

Copyright © 2010 SoftArtisans, Inc. All rights reserved.