Skip to main content
All docs
V24.1

Prevent Disk Space Exhaustion

  • 2 minutes to read

In a disk space exhaustion attack (a form of Denial of Service (DoS) attack), a threat actor overwhelms a target server with files designed to consume all available disk space. This topic describes how to protect your server and reduce CWE-400-related security risks.

Limit Uploaded File Size

The following table lists DevExpress ASP.NET Web Forms controls that support file upload operations:

Control

Uploaded File Size Limit

Binary Image, File Manager, Upload Control

Unlimited

Html Editor

30 MB

Rich Text Editor, Spreadsheet

No limit for document file size, but 30MB+ image cannot be inserted into the document.

If file size exceeds limits, file validation fails and the control displays an error message. Specify the control’s MaxFileSize validation setting to set the maximum allowed size for uploaded files. The MaxFileSizeErrorText property allows you to customize error text.

<dx:ASPxBinaryImage ID="BinaryImage" runat="server">
    <EditingSettings Enabled="true">
        <UploadSettings>
            <UploadValidationSettings MaxFileSize="4000000" MaxFileSizeErrorText="File size exceeds the 4MB"/>
        </UploadSettings>
    </EditingSettings>
</dx:ASPxBinaryImage>

Refer to the following topic for additional information on maximum file size: Uploading Large Files.

Use Stream to Access Large File Content

The Upload Control’s FileUploadComplete and FilesUploadComplete events allow you to access uploaded files. If you allow users to upload large files, use the FileContent event argument to access file contents:

<dx:ASPxUploadControl ID="UploadControl" runat="server" UploadMode="Advanced" ShowUploadButton="True"
    OnFilesUploadComplete="FilesUploadComplete">
    <AdvancedModeSettings EnableMultiSelect="True" />
</dx:ASPxUploadControl>
protected void FilesUploadComplete(object sender, DevExpress.Web.FilesUploadCompleteEventArgs e) {
    if (UploadControl.UploadedFiles != null && UploadControl.UploadedFiles.Length > 0) {
        for(int i = 0; i < UploadControl.UploadedFiles.Length; i++) {
            UploadedFile file = (UploadedFile)UploadControl.UploadedFiles[i];
            if (file.IsValid && file.FileName != "") {
                using (var stream = file.FileContent) {
                    // Process files here
                }
            }
        }
    }
}
See Also