Hello!
On Tue, Oct 12, 2010 at 01:05:45PM -0400, jlangevin wrote:
> In that case, if you had a server that you wanted to allow up to 32mb
> uploads managed via PHP scripts, how would you do so in a secure fashion
> (considering DOS)?

Ideally, worker_processes * worker_connections * client_max_body_size
should be less than the free space normally available for client_body_temp_path.
Though for a large number of worker_connections it's a bit hard to maintain
this invariant, e.g. 64k connections with 32m limit will require 2T
of disk space. So it's probably a good idea to apply other limits
as well, e.g. limit_conn.

> Would you do a check for a certain request type (such as POST) as well
> as the requested URL?
> Or would it not be worthwhile to be that exact?

Configuring client_max_body_size only for particular locations may
be beneficial, especially when combined with limit_conn for
requests in this location.

Maxim Dounin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
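
An added configuration example, not part of the original message: it scopes the 32m limit to one upload location and combines it with limit_conn, as the reply suggests, written in current nginx syntax. The zone names, paths, connection limits, worker counts and FastCGI address are assumptions chosen for illustration.

```nginx
# Added example. Zone names, paths, limits and the backend address are assumptions.
worker_processes  4;

events {
    worker_connections  1024;
}

http {
    # Connection counters: one keyed per client address, one per virtual server.
    limit_conn_zone  $binary_remote_addr  zone=upload_per_ip:10m;
    limit_conn_zone  $server_name         zone=upload_total:1m;

    # Request bodies too large for the in-memory buffer are spooled here,
    # so this is the filesystem whose free space has to cover the worst case.
    client_body_temp_path  /var/spool/nginx/client_body;

    server {
        listen  80;

        # Default for every other location: small bodies only.
        # A server-wide 32m would allow 4 * 1024 * 32m = 128G of spooled bodies.
        client_max_body_size  1m;

        location = /upload.php {
            # Only the upload handler accepts bodies up to 32m.
            client_max_body_size  32m;

            # At most 2 concurrent uploads per client address and 64 in total,
            # which bounds spooled upload bodies at 64 * 32m = 2G.
            limit_conn  upload_per_ip  2;
            limit_conn  upload_total   64;

            include        fastcgi_params;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_pass   127.0.0.1:9000;
        }
    }
}
```

Requests over either connection limit are rejected (503 by default), and bodies over the size limit get 413, so both show up in the access log when the limits are being hit.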