PHP(与Apache或Nginx的)POST请求前检查HTTP标头可以完成? [英] Can PHP (with Apache or Nginx) check HTTP header before POST request finished?
问题描述
下面是一个简单的文件上传表单HTML。
Here is a simple file upload form HTML.
<form enctype="multipart/form-data" action="upload.php" method="POST">
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
和PHP文件是pretty很简单。
And the php file is pretty simple too.
<?php
die();
正如你所见,PHP脚本什么也不做服务器端。但是,当我们上传大文件,进程仍然花费很长的时间。
As you see, the PHP script do nothing in server side. But when we uploading a big file, the process still cost a long time.
我知道,POST过程结束之后,我的PHP code将执行。 PHP的必须的$ P $数组ppare分析的第一行code之前名为$ _ POST和$ _FILES。
I know, my PHP code will executed after the POST process ended. PHP MUST prepare the array named $_POST and $_FILES before the first line code parsed.
所以我的问题是:?POST请求完成后可以在PHP(与Apache或Nginx的)检查HTTP头文件之前
So my question is: Can PHP (with Apache or Nginx) check HTTP header before POST request finished?
例如,一些PHP扩展或Apache模块。
For example, some PHP extensions or Apache modules.
有人告诉我,Python或Node.js的可以解决这个问题,只是想知道如果PHP可以与否。
I was told that Python or node.js can resolve this problem, just want to know if PHP can or not.
感谢。
=====更新1 =====
================ UPDATE 1 ================
我的目标是试图阻止一些意想不到的文件上传请求。例如,我们生成一个唯一的令牌POST目标URL(如的http://some.com/upload.php?token=268dfd235ca2d64abd4cee42d61bde48&t=1366552126).在服务器端,我的code,如:
My target is try to block some unexpected file-upload request. For example, we generated a unique token as POST target url (like http://some.com/upload.php?token=268dfd235ca2d64abd4cee42d61bde48&t=1366552126). In server side, my code like:
<?php
define(MY_SALT, 'mysalt');
if (!isset($_GET['t']) || !isset($_GET['token']) || abs(time()-$_GET['t'])>3600 || md5(MY_SALT.$_GET['t'])!=$_GET['token']) {//token check
die('token incorrect or timeout');
}
//process the file uploaded
/* ... */
code看起来有道理:-P但不能节省带宽如我所料。原因是PHP code运行为时已晚,我们不能检查标记之前,文件上传完毕。如果有人在URL上传文件而不正确的标记,我的服务器的网络资源和CPU仍然浪费了。
Code looks make sense :-P but cannot save bandwidth as I expected. The reason is PHP code runs too late, we cannot check token before file uploading finished. If someone upload file without correct token in url, the network and CPU of my server still wasted.
任何建议表示欢迎。非常感谢。
Any suggestion is welcome. Thanks a lot.
推荐答案
有在 HTTP 无解的水平,但有可能在 TCP 的水平。见我选择了另外一个问题的答案:
There is no solution in HTTP level, but is possible in TCP level. See the answer I chose in another question:
<一个href=\"http://stackoverflow.com/questions/16167935/break-http-file-uploading-from-server-side-by-php-or-apache\">Break通过PHP或Apache 从服务器端的HTTP文件上传
Break HTTP file uploading from server side by PHP or Apache
这篇关于PHP(与Apache或Nginx的)POST请求前检查HTTP标头可以完成?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
