
PhpSecInfo Test Information


Test Description

Checks if upload_max_filesize is greater than 256KB.

Security Implications

upload_max_filesize limits the maximum size of files that PHP will accept through uploads. Attackers may attempt to send grossly oversized files to exhaust your system resources; by setting a realistic value here you can mitigate some of the damage from those attacks. By default, PHP sets this value to 2MB.


You can set upload_max_filesize in the php.ini file:

; Lower upload_max_filesize for security reasons
upload_max_filesize = 256K

The setting can also be applied in Apache's httpd.conf file, or an .htaccess file:

# Lower upload_max_filesize for security reasons
php_value  upload_max_filesize  256K
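
To audit existing configuration files against this test, the following added example (not part of PhpSecInfo or the original page) scans php.ini, httpd.conf or .htaccess text for upload_max_filesize, converts PHP's K/M/G shorthand to bytes, and flags values above 256KB. The function names and sample file contents are constructed for illustration; a file with no setting is reported as falling back to the 2MB default mentioned above.

```python
import re

LIMIT_BYTES = 256 * 1024        # threshold used by the test described on this page
DEFAULT_BYTES = 2 * 1024 ** 2   # PHP's default (2MB) when nothing is configured

# PHP shorthand suffixes are case-insensitive; no suffix means plain bytes.
_MULT = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

# Matches both forms shown on the page:
#   php.ini:               upload_max_filesize = 256K
#   httpd.conf/.htaccess:  php_value  upload_max_filesize  256K
# Lines commented out with ';' or '#' do not match.
_DIRECTIVE = re.compile(
    r'^\s*(?:php_(?:admin_)?value\s+)?upload_max_filesize\s*(?:=|\s)\s*'
    r'"?(\d+)\s*([KMG]?)"?\s*(?:;.*)?$',
    re.IGNORECASE,
)

def to_bytes(number, suffix):
    """Convert a PHP shorthand size such as ('2', 'M') to bytes."""
    return int(number) * _MULT[suffix.upper()]

def audit(text):
    """Return (line_no, raw_value, size_in_bytes, exceeds_limit) per setting found.

    If the text sets nothing, one entry for the PHP default is returned instead.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = _DIRECTIVE.match(line)
        if m:
            size = to_bytes(m.group(1), m.group(2))
            findings.append((line_no, m.group(1) + m.group(2), size, size > LIMIT_BYTES))
    if not findings:
        findings.append((None, "default", DEFAULT_BYTES, DEFAULT_BYTES > LIMIT_BYTES))
    return findings

# Constructed sample inputs (not taken from a real system).
SAMPLE_INI = "; constructed php.ini\n;upload_max_filesize = 8M\nupload_max_filesize = 2M\n"
SAMPLE_HTACCESS = "# constructed .htaccess\nphp_value  upload_max_filesize  256K\n"

if __name__ == "__main__":
    for name, text in (("php.ini", SAMPLE_INI), (".htaccess", SAMPLE_HTACCESS)):
        for line_no, raw, size, too_big in audit(text):
            status = "FAIL (greater than 256KB)" if too_big else "ok"
            print(f"{name}:{line_no}: upload_max_filesize={raw} ({size} bytes) {status}")
```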
