Django Image Upload ...防止大文件上传 [英] Django Image Upload...Prevent huge file uploads
问题描述
我的网站依赖于用户上传的图像文件。我想限制max_upload_size。
My site relies on user uploaded image files. I want to limit the max_upload_size.
我知道您可以在settings.py中设置FILE_UPLOAD_MAX_MEMORY_SIZE。如果上传的文件大于此大小,则会将其写入tmp目录中的磁盘。这样处理得差不多吗?
I know that you can set FILE_UPLOAD_MAX_MEMORY_SIZE in settings.py. If a file larger than this size is uploaded, it's written to the disk within the tmp dir. Does that pretty much handle things? Will huge images still affect my site's performance at all?
我见过的另一种方法是在apache中配置max_upload_size,这似乎包含在php中。
One alternative that I've seen is to configure the max_upload_size in apache, which (it seems) is contained in php.ini. Does that sound right? Is it advisable?
另一步是检查文件对象的属性。我仔细阅读了此摘录(http://djangosnippets.org/snippets/1303/),其中介绍了一种表单验证方法。
Another step involves inspecting the File Object's attributes. I've looked through this snipet (http://djangosnippets.org/snippets/1303/) which presents a form validation method.
def clean_content(self):
content = self.cleaned_data['content']
content_type = content.content_type.split('/')[0]
if content_type in settings.CONTENT_TYPES:
if content._size > settings.MAX_UPLOAD_SIZE:
raise forms.ValidationError(_('Please keep filesize under %s. Current filesize %s') % (filesizeformat(settings.MAX_UPLOAD_SIZE), filesizeformat(content._size)))
else:
raise forms.ValidationError(_('File type is not supported'))
return content
此处的潜在问题是
1)此代码适用于FileField,而不适用于ImageField。我知道ImageField是FileField的子类,因此我认为这不是问题。
1) this code applies to a FileField, not an ImageField. I know that ImageField subclasses FileField, so I assume that this is not an issue. Is that true?
2)在验证之前会读取整个HttpRequest请求(因此,大文件仍然是一个问题)。此外,即使引发验证错误,文件仍仍写入tmp吗?
2)The entire HttpRequest request is read before validation (so huge files would still be a problem). Also, is the file still written to tmp, even if it raises a validation error?
最后,您还会注意到此表单验证尝试过滤内容类型。我认为这只是一文不值,因为它只是在研究扩展,因此很容易被欺骗。那还公平吗?
Finally, you'll also notice that this form validation attempts to filter for content types. I assume that's mostly worthless as it's just looking at extensions, which can easily be spoofed. Is that also fair?
我知道这个问题有点麻烦,但这是一个艰巨而分散的主题(至少对我而言)
I know this question is a bit rambling, but it's a tough and diffusive subject matter (for me at least)
推荐答案
我知道您可以在
settings.py中设置
FILE_UPLOAD_MAX_MEMORY_SIZE。如果上传的文件大于
,则将其写入tmp目录中的磁盘
。那
差不多能处理吗?巨大的
图片仍然会完全影响我网站的
性能吗?
I know that you can set FILE_UPLOAD_MAX_MEMORY_SIZE in settings.py. If a file larger than this size is uploaded, it's written to the disk within the tmp dir. Does that pretty much handle things? Will huge images still affect my site's performance at all?
取决于您的句柄意思。它将使处理上传的过程不会将整个文件读到内存中,也不会耗尽服务器的资源。它仍然可以成功上传,并且您仍将保存大文件。我认为这可能会影响您网站的性能,因为您将使服务器进程与上载捆绑在一起,而上载将需要更长的时间才能完成,因为它要撞击磁盘,这相对较慢。
Depends on what you mean by "handle". It will keep the process handling the upload from reading the entire file into memory and using up your server's resources. It will still succeed in uploading and you'll still be saving a "large" file. I would think it could affect your site's performance because you're going to keep a server process tied up with an upload that will take longer to complete since it is going to hit the disk, which is relatively slow.
我见过的另一种方法是
在
apache中配置max_upload_size,(看起来)包含在
中在php.ini中。听起来对吗?
明智吗?
One alternative that I've seen is to configure the max_upload_size in apache, which (it seems) is contained in php.ini. Does that sound right? Is it advisable?
有一种方法可以限制请求的apache大小,但这不是通过该设置。 php.ini中的所有内容都是特定于PHP的,与Django无关。您正在寻找apache的 LimitRequestBody 指令。
There is a way to limit a request's size in apache but it's not via that setting. Anything in php.ini is specific to PHP and irrelevant to Django. You're looking for apache's LimitRequestBody directive.
这里的问题是关于您想要完成的任务。您是否只想限制站点存储的文件大小,但不关心文件是否实际上传(您不关心带宽使用情况)?如果是这样,那么您可以采用表单验证的方式,以便向用户展示更好的错误。
The question here is about what you want to accomplish. Do you only want to limit the size of the files your site stores, but you do not care if they are actually uploaded (you're not concerned about your bandwidth usage)? If so, then you can go the form validation route so as to present nicer errors to your users.
但是,如果您确实关心大型上传和更新所占用的带宽,您想要停止以N MB上传任何文件,那么您应该考虑使用类似 QuotaUploadHandler 或通过您的网络服务器设置限制(请参见上面的LimitRequestBody)。如果使用上载处理程序,则需要在引发StopUpload异常时测试行为-在文件上传文档。如果您选择让apache在达到一定大小后停止上传,则可能会向超过该限制的用户显示一些难看的错误页面。
However, if you do care about the bandwidth used by large uploads and you want to stop the upload of any file at N MB, then you should look into using something like this QuotaUploadHandler or setting a limit via your webserver (see LimitRequestBody above). If you use the upload handler, you'll need to test the behavior when the StopUpload exception is raised -- there is a tiny comment about it in the "receive_data_chunk" method in the File Uploads docs. If you choose to let apache stop uploads after a certain size, you'll probably end up showing some rather ugly error pages to your users who surpass that limit.
这篇关于Django Image Upload ...防止大文件上传的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
