Skip to main content
BuyLog In
ASP.NET Web Forms Controls
Search in…
Docs > Security Considerations > Secure File Upload > Prevent Disk Space Exhaustion
All docs
V24.2
ASP.NET Web Forms Controls
.NET Support and Migration
Prerequisites
Supported Browsers
What's Installed
Get Started
Upgrade to a New Version
Common Concepts
Components
Security Considerations
HTML Encoding
Callback State Encryption
View State Encryption
Validate User Input
Secure File Upload
Control Access to Server Files
Prevent Disk Space Exhaustion
Validate Uploaded Files
Prevent CSRF Attacks
Prevent Against CSV Injection Attacks
Prevent Exposure of Sensitive Information
Redistribution and Deployment
Troubleshooting
Get More Help
.NET Framework API Reference
Client API Reference
Download CHM

Prevent Disk Space Exhaustion

  • 2 minutes to read

In a disk space exhaustion attack (a form of Denial of Service (DoS) attack), a threat actor overwhelms a target server with files designed to consume all available disk space. This topic describes how to protect your server and reduce CWE-400-related security risks.

Limit Uploaded File Size

The following table lists DevExpress ASP.NET Web Forms controls that support file upload operations:

Control

Uploaded File Size Limit

Binary Image, File Manager, Upload Control

Unlimited

Html Editor

30 MB

Rich Text Editor, Spreadsheet

No limit for document file size, but 30MB+ image cannot be inserted into the document.

If file size exceeds limits, file validation fails and the control displays an error message. Specify the control’s MaxFileSize validation setting to set the maximum allowed size for uploaded files. The MaxFileSizeErrorText property allows you to customize error text.

<dx:ASPxBinaryImage ID="BinaryImage" runat="server">
    <EditingSettings Enabled="true">
        <UploadSettings>
            <UploadValidationSettings MaxFileSize="4000000" MaxFileSizeErrorText="File size exceeds the 4MB"/>
        </UploadSettings>
    </EditingSettings>
</dx:ASPxBinaryImage>

Refer to the following topic for additional information on maximum file size: Uploading Large Files.

Use Stream to Access Large File Content

The Upload Control’s FileUploadComplete and FilesUploadComplete events allow you to access uploaded files. If you allow users to upload large files, use the FileContent event argument to access file contents:

<dx:ASPxUploadControl ID="UploadControl" runat="server" UploadMode="Advanced" ShowUploadButton="True"
    OnFilesUploadComplete="FilesUploadComplete">
    <AdvancedModeSettings EnableMultiSelect="True" />
</dx:ASPxUploadControl>

protected void FilesUploadComplete(object sender, DevExpress.Web.FilesUploadCompleteEventArgs e) {
    if (UploadControl.UploadedFiles != null && UploadControl.UploadedFiles.Length > 0) {
        for(int i = 0; i < UploadControl.UploadedFiles.Length; i++) {
            UploadedFile file = (UploadedFile)UploadControl.UploadedFiles[i];
            if (file.IsValid && file.FileName != "") {
                using (var stream = file.FileContent) {
                    // Process files here
                }
            }
        }
    }
}
See Also