Very large uploads with PHP

Question

I want to allow uploads of very large files into our PHP application (hundred of megs - 8 gigs). There are a couple of problems with this however.

Browser:

• HTML uploads have crappy feedback, we need to either poll for progress (which is a bit silly) or show no feedback at all
• Flash uploader puts entire file into memory before starting the upload

Server:

• PHP forces us to set post_max_size, which could result in an easily exploitable DOS attack. I'd like to not set this setting globally.
• The server also requires some other variables to be there in the POST vars, such as an secret key. We'd like to be able to refuse the request right away, instead of after the entire file is uploaded.

Requirements:

• HTTP is a must.
• I'm flexible with client-side technology, as long as it works in a browser.
• PHP is not a requirement, if there's some other technology that will work well on a linux environment, that's perfectly cool.

Answer 1

upload_max_filesize can be set on a per-directory basis; the same goes for post_max_size

e.g.:

<Directory /uploadpath/>
  php_value upload_max_filesize 10G
  php_value post_max_size 10G
</IfModule>