tencent cloud

Limiting Sizes of Uploaded Objects
Last updated:2024-06-27 15:23:57
Limiting Sizes of Uploaded Objects
Last updated: 2024-06-27 15:23:57
Cloud Object Storage (COS) supports limiting object sizes upon the upload, which allows you to manage storage space flexibly by avoiding uploading objects that are too large or too small to make full use of the bandwidth and storage space. This document gives two samples to describe how to control the objects sizes in a refined way.

Prerequisites

The samples use the information below:
APPID of the root account: 1250000000
Bucket name: examplebucket-1250000000
In practice, please replace with your own bucket and use an account with the appropriate permissions and secret key to operate the bucket.

Sample 1. Specifying a Size Range During POST Object Uploads

When uploading objects using POST Object, you can add content-length-range in the HTML form to control the object size in this request as follows:
[ "content-length-range", minNum, maxNum ]
Sample:
[ "content-length-range", 1, 10]
The JSON-formatted field above is added to policy > conditions in the POST request form. A complete policy with this field carried is as follows:
 {
    "expiration": "2021-12-31T12:00:00Z",
    "conditions": [
        { "bucket": "examplebucket-1250000000" },
        [ "starts-with", "$key", "exampleobject" ],
        { "q-ak": "AKIDQjz3ltompVjBni5LitkWHFlFpwkn****" },
        { "q-sign-algorithm": "sha1" },
        { "q-sign-time": "1567150692;1567157892" },
        [ "content-length-range", 1, 10 ]
    ]
}
For more information about how to construct a complete request, please see POST Object.

Response

The following response will be returned as follows if the size of the object is within the specified size range:
HTTP/1.1 204 
Content-Length: 0
Connection: close
Date: Wed, 23 Aug 2020 08:14:53 GMT
ETag: "ee8de918d05640145b18f70f4c3aa602"
Location: http://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com/exampleobject
Server: tencent-cos
x-cos-request-id: NWQ2NzgxMzZfMmViMDJhMDlfY2NjOF84NGQz****
The response will fail if the object size is not in the specified range.
If the object is too big, the response is as follows:
HTTP/1.1 400 Bad Request
Content-Type: application/xml
Content-Length: 498
Connection: keep-alive
Date: Wed, 23 Aug 2020 08:14:53 GMT
Server: tencent-cos
x-cos-request-id: NTk5ZDM5N2RfMjNiMjM1MGFfMmRiX2Y0****


<?xml version='1.0' encoding='utf-8' ?>
<Error>
        <Code>EntityTooLarge</Code>
        <Message>Condition key content-length-range doesn‘t match the value </Message>
        <Resource>examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com/exampleobject</Resource>
        <RequestId>NTk5ZDM5N2RfMjNiMjM1MGFfMmRiX2Y0****</RequestId>
</Error>
If the object is too small, the response is as follows:
HTTP/1.1 400 Bad Request
Content-Type: application/xml
Content-Length: 498
Connection: keep-alive
Date: Wed, 23 Aug 2020 08:14:53 GMT
Server: tencent-cos
x-cos-request-id: NTk5ZDM5N2RfMjNiMjM1MGFfMmRiX2Y0****


<?xml version='1.0' encoding='utf-8' ?>
<Error>
        <Code>EntityTooSmall</Code>
        <Message>Condition key content-length-range doesn‘t match the value </Message>
        <Resource>examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com/exampleobject</Resource>
        <RequestId>NTk5ZDM5N2RfMjNiMjM1MGFfMmRiX2Y0****</RequestId>
</Error>

Sample 2. Specifying a Size Range when Applying for a Temporary Credential

The method used in sample 1 is easy, which requires only one parameter in the HTML form. However, it only supports POST Object but not PUT Object. Moreover, since the requester can still modify the parameter in requests, uploading objects beyond the specified size range is still possible, making it hard for central management.
To solve the problem above, bucket managers can use the following fields to limit the object size when applying for a temporary key. For COS objects, use the fixed cos:content-length.
Condition Field
Description
Example
numeric_greater_than
A number greater than
{"numeric_greater_than": {"cos:content-length": 1}}, The object size must be greater than 1 byte.
numeric_greater_than_equal
A number greater than or equal to
{"numeric_greater_than_equal": {"cos:content-length": 1}}, The object size must be greater than or equal to 1 byte.
numeric_less_than
A number smaller than
{"numeric_less_than": {"cos:content-length": 1}}, The object must be smaller than 1 bytes.
numeric_less_than_equal
A number smaller than or equal to
{"numeric_less_than_equal": {"cos:content-length": 1}}, The object must be smaller than 10 bytes.
For the complete request sample, please see the Obtaining a Temporary Access Credential API Documentation of STS. A complete policy is as follows:
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cos:PutObject",
                "cos:PostObject"
            ],
            "resource":[
                "qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"
            ],

            "condition": {
                "numeric_greater_than_equal": {"cos:content-length": 1}
                , "numeric_less_than": {"cos:content-length": 10}
            }
        }
    ]
}
With the temporary credential obtained using the following policy, you can call the PUT Object or POST Object API to upload objects to the examplebucket-1250000000 bucket, with the object sizes limited to [1, 10), in bytes.
Note:
This policy is only applicable to the cos:PutObject and cos:PostObject actions. Using other actions such as cos:GetObject will fail.
This method allows bucket managers or the authentication center to centrally apply for temporary credentials and limit the size during the application, after which the credentials can be distributed to operators or business modules. In this way, object sizes can be controlled, avoiding uploading objects beyond the size range due to parameter modification.

Response

If the size of the uploaded object is within the specified range, the upload request will succeed with 200 or 204 returned. Otherwise, 403 will be returned, as shown below:
HTTP/1.1 403 Forbidden
Content-Type: application/xml
Content-Length: 298
Connection: keep-alive
Date: Wed, 23 Aug 2020 08:14:53 GMT
Server: tencent-cos
x-cos-request-id: NTk5ZDM5N2RfMjNiMjM1MGFfMmRiX2Y0****

Example 3: Restricting file upload types using bucket policies

You can specify the file upload type in the bucket policy. For bucket policy syntax examples, please refer to Bucket Policy Examples.
The steps to restrict file upload types using bucket policies are as follows:
1. Log in to the COS Console.
2. Click Bucket List on the left sidebar, select the bucket to which you want to add a bucket policy, and enter the bucket.
3. Click Permission Management > Policy Settings.
4. Based on your requirements, choose either Graphical Settings or Policy Syntax to add a bucket policy. For information on configuration items, please refer to Access Policy Language Overview.
5. When configuring bucket permission settings, set content-type to specify the file type, as shown in the image below:


Note
Supported file types: JPG, JPEG, PNG.
6. Click Confirm to save the policy. The policy is as follows:
{
  "Statement": [
{
  "Action": [
    "name/cos:PutObject"
  ],
  "Effect": "Allow",
  "Principal": {
    "qcs": [
      "qcs::cam::anyone:anyone"
    ]
  },
  "Resource": [
    "qcs::cos:ap-nanjing:uid/1250000000:examplebucket-1250000000/*"
  ],
  "Condition": {
            "ForAllValues:StringEquals": {
                "cos:content-type"["image/png"]
            }
}
  ],
  "version": "2.0"
}
7. Verify if the policy is effective.
7.1 Following the steps above, set the configuration to allow only PNG files to be uploaded, and upload a PNG format file:
7.2 Verify if uploading a PNG format file is successful:


7.3 Verify if uploading a JPEG format file is successful:

From this, it can be seen that the policy successfully intercepted non-PNG format files from being uploaded to COS.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback