Limit File Upload Size

Category: Blog • Posted by Jeff Starr • Post Date:

This tutorial explains how to protect against DoS attacks by limiting file upload size.

Problem

If your online form enables users to upload files, you may want to control the maximum allowed file size. Otherwise, you're vulnerable to clowns who want to prove themselves by uploading some mammoth-sized file. Uploading massively sized files is a common way of attacking a site with Denial of Service (aka DoS attack). And you don't want that.

Solution

To prevent DoS and other nonsense, you can limit the max allowed file size by adding the following slice of .htaccess:

# LIMIT UPLOAD SIZE to 10 MB
# 10240000 bytes ~ 10 megabytes
LimitRequestBody 10240000

Of course, 10 MB is arbitrary; feel free to customize the allowed size with whatever works best for you. Just remember, we're specifying bytes here, so use an online service to help with the unit conversion.