Erlang Mailing Lists

Yaws mailing list: File Upload

Guest
Posted: Mon Feb 22, 2010 6:56 pm
Guest
I have a problem with the file upload.
I use PHP as a CGI module and the ini options allow more.

If the upload takes too long, the connection times out.


Here is a little trace log.
Where is the problem? The php.ini is configured to allow bigger and longer uploads.


Guest
Posted: Mon Mar 01, 2010 3:01 pm
Guest
After some research I found out that longer uploads have not been possible for several versions, following a change made to avoid DoS attacks via the file upload.
Is there anything planned to fix this, so that longer uploads are also possible?
Or could someone show me the place where this change was made, so I can see whether I could make a fix myself?

Post received from mailinglist
Guest
Posted: Mon Mar 01, 2010 9:05 pm
Guest
Daniel Fahlke wrote:
> After some research I found out that longer uploads have not been
> possible for several versions, following a change made to avoid DoS
> attacks via the file upload.

Which research, I don't recall this. Please remind me.

/klacke


------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Erlyaws-list mailing list
Erlyaws-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/erlyaws-list
Post received from mailinglist
Guest
Posted: Mon Mar 01, 2010 9:37 pm
Guest
*searches through the logs of the last days*

First, this bugfix.
It was in the News (Sat Dec 11 2004 Version 1.50 released)

"Form post parameter was still always managed as atoms. This is a backwards incompatible change. It broke the wiki as well as the upload example in the Yaws docs. However, the change is sound since it was easy to DOS a yaws server by sending file upload posts with new atoms. Eventually the atom table would overflow. However it does break code !!! (mikl)"

I couldn't find the place that directed me to this bugfix just now, but here is a report of this bug from 2006: http://osdir.com/ml/web.server.yaws.general/2006-07/msg00035.html

Post received from mailinglist
Guest
Posted: Tue Mar 02, 2010 8:37 am
Guest
Daniel Fahlke wrote:
> *searches through the logs of the last days*
>
> First, this bugfix.
> It was in the News (Sat Dec 11 2004 Version 1.50 released)
>
> "Form post parameter was still always managed as atoms. This is a
> backwards incompatible change. It broke the wiki as well as the upload
> example in the Yaws docs. However, the change is sound since it was easy
> to DOS a yaws server by sending file upload posts with new atoms.
> Eventually the atom table would overflow. However it does break code !!!


Ok, looong ago.

That fix didn't have anything to do whatsoever with the size of the
uploaded file. The problem was that the POST parse code did list_to_atom/1
while parsing. This meant that a malicious user could POST a long series
of wacko POST requests where each POST request potentially created
a set of new e.g. random atoms - that way filling up the erl atom table
which is of fixed size - thus eventually making erl die.


/klacke
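
The atom-table problem described in the post above, as an added Erlang example that is not part of the thread and is not Yaws source code: a POST field parser that interns every field name as an atom, next to two forms that do not. The module and function names are hypothetical, the sample body is constructed, values are not URL-decoded, and Erlang/OTP 20 or later is assumed.

```erlang
%% Added illustration; not Yaws source. All names here are hypothetical.
-module(post_keys).
-export([parse_unsafe/1, parse_safe/1, parse_existing/1, demo/0]).

%% Split "k1=v1&k2=v2" into {Key, Value} string pairs (no URL-decoding).
split(Body) ->
    [case string:split(Pair, "=") of
         [K, V] -> {K, V};
         [K]    -> {K, ""}
     end || Pair <- string:lexemes(Body, "&")].

%% Before: every field name becomes an atom. Atoms are never garbage
%% collected, so each previously unseen name permanently takes a slot
%% in the fixed-size atom table.
parse_unsafe(Body) ->
    [{list_to_atom(K), V} || {K, V} <- split(Body)].

%% After: field names stay strings, so request data creates no atoms.
parse_safe(Body) ->
    split(Body).

%% Variant for code that wants atom keys: only names that already exist
%% as atoms are converted; anything else stays a string.
parse_existing(Body) ->
    [{to_existing(K), V} || {K, V} <- split(Body)].

to_existing(K) ->
    try list_to_existing_atom(K)
    catch error:badarg -> K
    end.

%% Returns {AddedBySafe, AddedByExisting, AddedByUnsafe, AtomLimit}:
%% the growth of the atom table caused by each parser on the same body.
demo() ->
    _ = split("warm=up"),                 % load helper modules before counting
    Body = "zq_field_1=a&zq_field_2=b&zq_field_3=c",   % constructed sample
    Count = fun() -> erlang:system_info(atom_count) end,
    A0 = Count(),
    _ = parse_safe(Body),
    A1 = Count(),
    _ = parse_existing(Body),
    A2 = Count(),
    _ = parse_unsafe(Body),
    A3 = Count(),
    {A1 - A0, A2 - A1, A3 - A2, erlang:system_info(atom_limit)}.
```

Compile with `c(post_keys).` in a fresh shell and call `post_keys:demo().`; only the third element grows with the number of distinct field names in the request.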

Post received from mailinglist
Guest
Posted: Tue Mar 02, 2010 8:56 am
Guest
2010/3/2 Claes Wikstr
Guest
Posted: Tue Mar 02, 2010 9:51 am
Guest
I use yaws to upload large files (up to 2 GB) and it works fine (1.6x -> 1.80 versions), so I guess the server is not the issue. It also behaves well on low bandwidth networks where upload time is quite long.

Make sure that in a multipart request you do not try to send more than 2 GB. All browsers silently crash in this case. Here is an example issue report for Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=383446

On 2 March 2010 09:55, Daniel Fahlke <flyingmana@googlemail.com> wrote:
Quote:
2010/3/2 Claes Wikstr
Guest
Posted: Tue Mar 02, 2010 11:18 am
Guest
2010/3/2 Michal Zajda <zajdamichal@gmail.com>
Quote:
I use yaws to upload large files (up to 2 GB) and it works fine (1.6x -> 1.80 versions), so I guess the server is not the issue. It also behaves well on low bandwidth networks where upload time is quite long.

Make sure that in a multipart request you do not try to send more than 2 GB. All browsers silently crash in this case. Here is an example issue report for Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=383446


Was that on a local machine?

For example, http://yaws.hyber.org/upload0.yaws
I tried a 4,9 MB file and got "The connection was reset" after some time.
I use Yaws version 1.87.

After some tries, the biggest file I could upload was 3,1 MB.



Post received from mailinglist
Guest
Posted: Tue Mar 02, 2010 11:44 am
Guest
Quote:

Was that on a local machine?




Tested on local and remote machines.

Guest
Posted: Tue Mar 02, 2010 11:47 am
Guest
Daniel Fahlke wrote:

>
> For example, http://yaws.hyber.org/upload0.yaws
> I tried a 4,9 MB file and got "The connection was reset" after some
> time.
> I use Yaws version 1.87.
>
> After some tries, the biggest file I could upload was 3,1 MB.

Well now that is a bug report I can relate to, I can reproduce.
I'll have a look at it ASAP.

My first look at the code triggered a giggle though, the Yaws upload test
code actually stores all files in

-define(DIR, "/tmp/YawsTestUploads/").

So, I see:

# ls -lat /tmp/YawsTestUploads/

-rw-r--r-- 1 root root 3051969 Mar 2 12:14 Secret_of_Mana_Theme_-_Anime_Techno_Remix.mp3
-rw-r--r-- 1 root root 3367947 Mar 2 12:13 Princess_Mononoke_Theme_Song-Full_Length_English_Mix_version.mp3
-rw-r--r-- 1 root root 3018533 Mar 2 12:11 Eisblume_-_Leben_ist_sch_n.mp3
-rw-r--r-- 1 root root 2843408 Mar 2 12:11 Ashley_Tisdale_-_Its_Alright__OK_w_lyrics.mp3
......

:-)

You might want to do something about that music taste :-)


/klacke



Post received from mailinglist
Guest
Posted: Tue Mar 02, 2010 12:05 pm
Guest
2010/3/2 Claes Wikstr
Guest
Posted: Tue Mar 02, 2010 2:39 pm
Guest
Daniel Fahlke wrote:

> And thank you for your time
>


I actually got pretty worried here, there is a config
parameter

    partial_post_size = Integer
        When a yaws file receives large POSTs, the amount of data
        received in each chunk is determined by this parameter. The
        default value is 10240.

I found two errors in the yaws code,

The man page is wrong, there is an additional value, which erroneously
was the default value - namely nolimit

So I've just changed the default value and corrected the man page. Your
remedy here is to explicitly set the partial_post_size to e.g. 10240 in
your yaws.conf file and you'll be all set.

Thanks for reporting

/klacke

Post received from mailinglist
Guest
Posted: Tue Mar 02, 2010 3:24 pm
Guest
Heh, this is it. I had it in my yaws.conf (partial_post_size=65536), that's why I could not observe the bug.

2010/3/2 Claes Wikstr
Guest
Posted: Wed Mar 03, 2010 9:31 am
Guest
2010/3/2 Michal Zajda <zajdamichal@gmail.com>
Quote:
Heh, this is it. I had it in my yaws.conf (partial_post_size=65536), that's why I could not observe the bug.

2010/3/2 Claes Wikstr
Guest
Posted: Wed Mar 03, 2010 10:31 am
Guest
Do not place the parameter in the 'main' namespace(?), but in the server tag.

<server www.somename.com>
