Skip to main content
BuyLog In
ASP.NET Web Forms Controls
Search in…
Docs > Security Considerations > Secure File Upload > Prevent Disk Space Exhaustion
All docs
V25.1
    • ASP.NET Web Forms Controls
    .NET Support and Migration
    Prerequisites
    Supported Browsers
    What's Installed
    Get Started
    Upgrade to a New Version
    Common Concepts
    Components
    Security Considerations
    Authorization Logic
    HTML Encoding
    Content Security Policy
    Callback State Encryption
    View State Encryption
    Validate User Input
    Secure File Upload
    Control Access to Server Files
    Prevent Disk Space Exhaustion
    Validate Uploaded Files
    Prevent Unauthorized Operations
    Prevent CSRF Attacks
    Prevent Against CSV Injection Attacks
    Prevent Exposure of Sensitive Information
    Redistribution and Deployment
    Troubleshooting
    Get More Help
    .NET Framework API Reference
    Client API Reference
    Download CHM

    Prevent Disk Space Exhaustion

    • 2 minutes to read

    In a disk space exhaustion attack (a form of Denial of Service (DoS) attack), a threat actor overwhelms a target server with files designed to consume all available disk space. This topic describes how to protect your server and reduce CWE-400-related security risks.

    Limit Uploaded File Size

    The following table lists DevExpress ASP.NET Web Forms controls that support file upload operations:

    Control

    Uploaded File Size Limit

    Binary Image, File Manager, Upload Control

    Unlimited

    Html Editor

    30 MB

    Rich Text Editor, Spreadsheet

    No limit for document file size, but 30MB+ image cannot be inserted into the document.

    If file size exceeds limits, file validation fails and the control displays an error message. Specify the control’s MaxFileSize validation setting to set the maximum allowed size for uploaded files. The MaxFileSizeErrorText property allows you to customize error text.

    <dx:ASPxBinaryImage ID="BinaryImage" runat="server">
    <EditingSettings Enabled="true">
        <UploadSettings>
            <UploadValidationSettings MaxFileSize="4000000" MaxFileSizeErrorText="File size exceeds the 4MB"/>
        </UploadSettings>
    </EditingSettings>
</dx:ASPxBinaryImage>

    Refer to the following topic for additional information on maximum file size: Uploading Large Files.

    Use Stream to Access Large File Content

    The Upload Control’s FileUploadComplete and FilesUploadComplete events allow you to access uploaded files. If you allow users to upload large files, use the FileContent event argument to access file contents:

    <dx:ASPxUploadControl ID="UploadControl" runat="server" UploadMode="Advanced" ShowUploadButton="True"
    OnFilesUploadComplete="FilesUploadComplete">
    <AdvancedModeSettings EnableMultiSelect="True" />
</dx:ASPxUploadControl>

    protected void FilesUploadComplete(object sender, DevExpress.Web.FilesUploadCompleteEventArgs e) {
    if (UploadControl.UploadedFiles != null && UploadControl.UploadedFiles.Length > 0) {
        for(int i = 0; i < UploadControl.UploadedFiles.Length; i++) {
            UploadedFile file = (UploadedFile)UploadControl.UploadedFiles[i];
            if (file.IsValid && file.FileName != "") {
                using (var stream = file.FileContent) {
                    // Process files here
                }
            }
        }
    }
}
    See Also