I am trying to ensure my MVC4 app is secured against slow HTTP POST DoS attacks. I have run into a brick wall trying to set Server.ScriptTimeout, so now I'm trying to terminate requests where the content length exceeds a maximum value. I never like just throwing a blanket exception, so what should I be throwing here:

C#
public abstract class BaseController : Controller
{
    protected static int MaxContentLength = 10;
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.Request.RequestType == "POST")
        {
            if (filterContext.HttpContext.Request.ContentLength > MaxContentLength)
            {
                throw new what???
            }
        }
        base.OnActionExecuting(filterContext);
    }
}
Updated 27-Nov-14 20:40pm

1 solution

Well, you can create your own Exception that would inherit from the base Exception class. That would have the text and a name that would tell the user that this is bad - well, it will tell him what went wrong.

For creating customs, you can read this document.

It will be like this,

C#
using System;

// extends the Exception base...
public class FileTooLargeException : Exception {
   // default constructor
   public FileTooLargeException () {
      // default error message to show, 
      // such as, "Maximum file size is 5mb".
   }
   // you can create your own too, to accept parameters and conditions etc
}


.. then call it using that statement.

However, you can also pass a simple string to the Exception to remove the blank-ness of it as this one,

C#
throw new Exception("Maximum file size is 5mb.");


.. this one would be more like it. Did you try?

While I was out, I was working on this answer - you can throw an HttpException that is present inside the System.Web. Use this HttpException instead of that Exception in my second code block and it will be the HttpException in your application.

Somehow, there is a web.config file (since you're working with ASP.NET) where you can yourself specify the maximum size for the uploaded file. If you specify the size there, it will help you to focus on the logic only and the ASP.NET will take care of the remaining stuff itself. It is to be written like this,

HTML
<configuration>
  <system.web>
    <httpRuntime maxRequestLength="xxx" />
  </system.web>
</configuration>


.. these are a few methods that you can use in this scenario. :-)
Comments
Brady Kelly 28-Nov-14 3:15am    
I considered a custom exception, but I was wondering where such would fit into the HTTP pipeline and so on.
Afzaal Ahmad Zeeshan 28-Nov-14 3:45am    
Yes there is an HttpException that you can raise in ASP.NET too. :-) See my updated answer.
Brady Kelly 28-Nov-14 3:55am    
Thanks. I am aware of the maxRequestLength setting, but the site is hosted on Azure, and I'm uncertain as to whether something like a machine.config there might have precedence.
Afzaal Ahmad Zeeshan 28-Nov-14 3:58am    
It might be - I am saying might be because I have not yet worked in an Azure environment, and so giving wrong information might not be a good idea.
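
An added example, not part of the original thread: the question's check completed with the HttpException suggested in the answer, using status 413 (Request Entity Too Large), next to a filter variant that short-circuits with an HttpStatusCodeResult instead of throwing. The name MaxContentLengthAttribute, the 4096-byte limit and the message text are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Variant 1: the question's base controller, throwing HttpException with a 413 status.
public abstract class BaseController : Controller
{
    protected static int MaxContentLength = 4096; // assumed limit, in bytes

    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpRequestBase request = filterContext.HttpContext.Request;
        // ContentLength is the Content-Length value declared by the client.
        if (request.HttpMethod == "POST" && request.ContentLength > MaxContentLength)
        {
            throw new HttpException((int)HttpStatusCode.RequestEntityTooLarge,
                string.Format("Request body exceeds {0} bytes.", MaxContentLength));
        }
        base.OnActionExecuting(filterContext);
    }
}

// Variant 2 (hypothetical attribute name): per-action limit, no exception.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class MaxContentLengthAttribute : ActionFilterAttribute
{
    private readonly int _maxBytes;

    public MaxContentLengthAttribute(int maxBytes)
    {
        if (maxBytes < 0) throw new ArgumentOutOfRangeException("maxBytes");
        _maxBytes = maxBytes;
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpRequestBase request = filterContext.HttpContext.Request;
        if (request.HttpMethod == "POST" && request.ContentLength > _maxBytes)
        {
            // Setting Result stops the pipeline here; the action method never runs.
            filterContext.Result = new HttpStatusCodeResult(
                (int)HttpStatusCode.RequestEntityTooLarge,
                string.Format("Request body exceeds {0} bytes.", _maxBytes));
            return;
        }
        base.OnActionExecuting(filterContext);
    }
}
```

Both variants bound only the size the client declares; neither changes how long the server waits for the body to arrive.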

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)