s3 direct upload restricting file size and type

送分小仙女□ 提交于 2019-11-27 03:46:18
stonyau

If you are talking about security problem (people uploading huge file to your bucket), yes, You CAN restrict file size with browser-based upload to S3.

Here is an example of the "policy" variable, where "content-length-range" is the key point.

"expiration": "'.date('Y-m-d\TG:i:s\Z', time()+10).'",
"conditions": [
    {"bucket": "xxx"},
    {"acl": "public-read"},
    ["starts-with","xxx",""],
    {"success_action_redirect": "xxx"},
    ["starts-with", "$Content-Type", "image/jpeg"],
    ["content-length-range", 0, 10485760]
]

In this case, if the uplaoding file size > 10mb, the upload request will be rejected by Amazon.

Of course, before starting the upload process, you should use javascript to check the file size and make some alerts if it does.

getting file size in javascript

AWS wrote a tutorial explaining how to create HTML POST forms that allow your web site visitors to upload files into your S3 account using a standard web browser. It uses S3 pre-signed URLs to prevent tampering and you can restrict access by file size.

To do what you are wanting to do, you will need to upload through your own web service. This is probably best anyway, as providing global write access to your end users to your S3 bucket is a security nightmare, not too mention there would be nothing stopping them from uploading huge files and jacking up your charges.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!