Hi, i have free hosting server and a rule to upload 3MB file max. it works for FTP, but somehow it doesn't work for php. It seems for php the limit on my server is 100MB (no idea why) i use following directives to limit file size in php.ini : ; Maximum size of POST data that PHP will accept. post_max_size = 4M (4 just for some margin ) ; Maximum allowed size for uploaded files. upload_max_filesize = 3M and i still can find 100MB files on disk. this is part of log file from apache from the account that uploaded it to me: boorako.[] someip - - [13/May/2007:12:21:22 +0200] "POST /a/redir.php?capthatag=accesscode&saveto=&path=/some/path/boorako.[]/a&comment=&domail=&email=&useproxy= &proxy=&split=&method=tc&partSize=10&redirto=/a/index.php&link=redir.php?capthatag=accesscode&saveto=&path= /some/path/boorako.[]/a&comment=&domail=&email=&useproxy=&proxy=&split=&method=tc&partSize=10&redirto= /a/index.php&link=http://rs60l33.rapidshare.com/files/15726289/10278772/wr_mxSK.part3.rar HTTP/1.1" 302 188 "http://boorako.[]/a/index.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3" boorako.[] someip - - [13/May/2007:12:21:35 +0200] "POST /a/redir.php?capthatag=accesscode&saveto=&path=/some/path/boorako.[]/a&comment= &domail=&email=&useproxy= &proxy=&split=&method=tc&partSize=10&redirto=/a/index.php&link=redir.php?capthatag=accesscode&saveto=&path= /some/path/boorako.[]/a&comment=&domail=&email=&useproxy=&proxy=&split=&method=tc&partSize=10&redirto= /a/index.php&link=http://rs60l33.rapidshare.com/files/15726289/10278772/wr_mxSK.part3.rar HTTP/1.1" 302 188 "http://boorako.[]/a/index.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3" Code (markup): as the effect of this (at least i think so), there was 100MB file in his home dir. any idea how can he POST such big files even with those two directives? i have also set LimitRequestBody to 5194304 and LimitXMLRequestBody to 5194304 in apache2.conf which also should stop files being POSTED as big as 100MB. i have php 4.4.4-9, Linux Debian, apache 2.2.3 working in worker mpm, and php as fastcgi. P.S. i removed server info like IP, dir and address to not show specifics about my server in public, i put [] there.
This is what I use in my own file upload form, '<input type="hidden" name="MAX_FILE_SIZE" value="524288" />' this calculates out at 512 KB, so maybe if you did that to your 3 MB that calculates as 3145728 bytes.
i don't understand what do you mean. i'm trying to forbid people (users of my server) to upload files bigger than 3 MB. i don't have any specific page, i just have to forbid it in php.ini or apache2.conf or something like that. I don't have any upload form myself, other people have it on their pages, and i want server to refuse upload requests bigger than 3MB. this might not be the best place to post it, as this is rather programming php forum than server administrating php forum, but there is no sub-forum in server administration with php on digitalpoint, and i thought some php programmers could know php.ini very well.
memory limit is set to 8M, so that's not it. i found few other pages doing that, one with some rapidleech script and description 'quickly download files to your server' and 2 input fields - one with "link to download" second "Referrer" so i don't think they are actually uploading files, they are rather downloading files using PHP from another server, and then they are sharing them. any idea how to limit the size of downloaded file in php ? (it is just my idea of how they do it, maybe you have some other) setting max_download_size = 3M doesnt help here is the evil script code pasted http://paste.ubuntu-nl.org/21355/
you disallow big file upload via FTP and also via HTTP POST. but what you did not recognize is, his script FETCHES the files via FOPEN URL REQUEST from rapidshare.com servers. best way against this: write a little shell-script that runs every 10 minutes or so and cleans the whole free-user-filesystem from files larger than wanted. maybe i should not have mentioned this here, because users of such scripts rely on the unknowing freehost-admins see www.RapidShot.dr.ag to see an example of such a script.