One of the 'security measures' in my webservice is blocking large file uploads.
I want to cancel a file upload request ASAP when too large files are sent.
Since the requests with the file uploads are going to be the largest ones anyway, I currently have this code in the BeforeDispatch handler of the TWebModule:
procedure TWebModuleWebServices.WebModuleBeforeDispatch(Sender: TObject; Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
begin
// Request that are too large are going to be dropped silently:
if Request.ContentLength > cMaxContentSize then
begin
Handled := true;
Exit;
end;
Is the BeforeDispatch handler the earliest possible stage for this test, or is there a better place?
The web service is built around a TIdHTTPWebBrokerBridge (= class(TIdCustomHTTPServer), see IdHTTPWebBrokerBridge.pas)
With Indy, TCustomWebDispatcher.BeforeDispatch event is too late as the post data stream has already been retrieved in TIdCustomHttpServer.DoExecute. You can use TIdCustomHTTPServer.OnHeadersAvailable event - which is triggered earlier - to avoid it by setting VContinueProcessing to False.