I’m working on a page which accepts file uploads. In theory, I can
detect when the file they’re sending me is too big (by looking at the
Content-Length of their response), and refuse to accept the upload,
returning an HTTP 413 “Request Entity Too Large” error.
However, it seems that simply doing that is not enough — Firefox, at
least, will still keep sending the rest of the file (which could take a
Long Time), before it shows my error page.
The HTTP
spec says that I: “MAY close the connection to prevent the client
from continuing the request.” However, doing either a ‘close STDIN’,
‘shutdown STDIN, 0’, or some variant of that does not seem to do the
trick — Firefox still keeps sending the file.
I suspect that, when my mod_perl handler closes the connection, it’s
just closing the connection between itself and Apache; Apache keeps the
connection between it and the client alive. Is there some way to tell
Apache to shut down the connection? Otherwise, this seems like a great
DoS vector.
Any suggestions would be welcome.

Have you explored Apache’s limitation capabilities (as opposed to Perl’s)? I don’t know in detail how the
LimitRequestBody directive deals with requests that are too large, but at least in theory it looks like a setting designed to block off attacks.
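An added example (not code from either poster) that puts the two layers together: the LimitRequestBody directive from the answer, scoped to the upload location, and a mod_perl 2 handler that checks Content-Length before reading any of the body, returns 413 and marks the connection for closing at the Apache level rather than closing the handler's STDIN. The path /upload, the 10 MiB limit and the module name My::Upload are assumptions.

```perl
# Added example, not from the question or the answer.
# httpd.conf fragment (assumed path /upload, assumed 10 MiB limit):
#
#   <Location "/upload">
#       # Apache itself rejects declared bodies over 10 MiB with 413
#       # before the handler runs, independent of the Perl code below.
#       LimitRequestBody 10485760
#       SetHandler perl-script
#       PerlResponseHandler My::Upload
#   </Location>

package My::Upload;   # hypothetical module name

use strict;
use warnings;
use Apache2::RequestRec ();
use Apache2::RequestIO  ();
use Apache2::Connection ();
use Apache2::Const -compile => qw(OK HTTP_REQUEST_ENTITY_TOO_LARGE CONN_CLOSE);

use constant MAX_UPLOAD => 10 * 1024 * 1024;   # same limit as the directive

sub handler {
    my $r = shift;

    # Look at the declared size before reading a single byte of the body.
    my $len = $r->headers_in->{'Content-Length'};
    if (defined $len && $len > MAX_UPLOAD) {
        # Ask Apache to drop keep-alive and close its socket to the client
        # after the 413 is sent; closing STDIN only affects the handler.
        $r->connection->keepalive(Apache2::Const::CONN_CLOSE);
        return Apache2::Const::HTTP_REQUEST_ENTITY_TOO_LARGE;
    }

    # Declared size is acceptable (or absent): read in bounded chunks and
    # stop if the actual body outgrows the limit anyway.
    my ($chunk, $total) = ('', 0);
    while (my $n = $r->read($chunk, 64 * 1024)) {
        $total += $n;
        if ($total > MAX_UPLOAD) {
            $r->connection->keepalive(Apache2::Const::CONN_CLOSE);
            return Apache2::Const::HTTP_REQUEST_ENTITY_TOO_LARGE;
        }
        # ... process $chunk (e.g. append to a temp file) ...
    }
    $r->content_type('text/plain');
    $r->print("received $total bytes\n");
    return Apache2::Const::OK;
}

1;
```

LimitRequestBody is the guarantee; the handler's own check just avoids reading the body and returns the error sooner for requests that declare their size honestly.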