Skip to main content
All docs
V25.1
  • Prevent Disk Space Exhaustion

    • 2 minutes to read

    In a disk space exhaustion attack (a form of Denial of Service (DoS) attack), a threat actor overwhelms a target server with files designed to consume all available disk space. This topic describes how to protect your server and reduce CWE-400-related security risks.

    Limit Uploaded File Size

    The following table lists DevExpress ASP.NET Web Forms controls that support file upload operations:

    Control

    Uploaded File Size Limit

    Binary Image, File Manager, Upload Control

    Unlimited

    Html Editor

    30 MB

    Rich Text Editor, Spreadsheet

    No limit for document file size, but 30MB+ image cannot be inserted into the document.

    If file size exceeds limits, file validation fails and the control displays an error message. Specify the control’s MaxFileSize validation setting to set the maximum allowed size for uploaded files. The MaxFileSizeErrorText property allows you to customize error text.

    <dx:ASPxBinaryImage ID="BinaryImage" runat="server">
        <EditingSettings Enabled="true">
            <UploadSettings>
                <UploadValidationSettings MaxFileSize="4000000" MaxFileSizeErrorText="File size exceeds the 4MB"/>
            </UploadSettings>
        </EditingSettings>
    </dx:ASPxBinaryImage>
    

    Refer to the following topic for additional information on maximum file size: Uploading Large Files.

    Use Stream to Access Large File Content

    The Upload Control’s FileUploadComplete and FilesUploadComplete events allow you to access uploaded files. If you allow users to upload large files, use the FileContent event argument to access file contents:

    <dx:ASPxUploadControl ID="UploadControl" runat="server" UploadMode="Advanced" ShowUploadButton="True"
        OnFilesUploadComplete="FilesUploadComplete">
        <AdvancedModeSettings EnableMultiSelect="True" />
    </dx:ASPxUploadControl>
    
    protected void FilesUploadComplete(object sender, DevExpress.Web.FilesUploadCompleteEventArgs e) {
        if (UploadControl.UploadedFiles != null && UploadControl.UploadedFiles.Length > 0) {
            for(int i = 0; i < UploadControl.UploadedFiles.Length; i++) {
                UploadedFile file = (UploadedFile)UploadControl.UploadedFiles[i];
                if (file.IsValid && file.FileName != "") {
                    using (var stream = file.FileContent) {
                        // Process files here
                    }
                }
            }
        }
    }
    
    See Also