My users want to upload large files (50-100MB) in the CMS backend of a PHP web application. I could adjust the upload_max_filesize and post_max_size settings for PHP globally in this virtual host, but I'm afraid that would make Denial of Service attacks easier than necessary.
In theory, these two settings can be adjusted per directory (either in the virtual host config file, or via .htaccess files), and I only need the larger values in the admin area. Unfortunately, this application has only a start.php in the web root (single point of entry), and all other PHP files are included from there. This appears to make a per-directory setting impossible. I've tried to match the path used in the CMS with <Location>, but even with the correct path, the php_value directives don't have any effect.
<LocationMatch ^/admin>
php_value upload_max_filesize 100MB
php_value post_max_size 100MB
</LocationMatch>
(mod_rewrite is used to translate a path like /admin/content/bla to /start.php?_p=/admin/content/bla, which is why the "start.php" file name does not appear in the above expression.)
Is there any way to make this work? I'm also open for alternative suggestions; for example, an IP-based setup might be possible in our case.
TIA.
-
First try if it works at least using '/':
<LocationMatch ^/>If yes, then try one of these:
<LocationMatch ^/start.php\?_p=/admin> <LocationMatch ^/start.php?_p=/admin> <LocationMatch _p=/admin>Pleae also note that:
< Location> sections are processed in the order they appear in the configuration file, after the sections and .htaccess files are read, and after the sections.
src: http://httpd.apache.org/docs/2.0/mod/core.html#location
Zilk : Thanks. I've confirmed that the expression matches, but the php_value directives appear to have no effect there.Weboide : If you are using php5-cgi, php_value might not work.joschi : The query string is *not* matched with the `Location` or `LocationMatch` directives.From Weboide
0 comments:
Post a Comment