Cloudflare R2 Presigned Url limit file size

I’m trying to build a service using the Cloudflare r2 service.
I would like to use the presigned url method to let the user upload the file to ease the burden on the server.
However, I want to specify the maximum size of the file on the url to protect the service from malicious users, is there any way?
Or can I limit the upload size to less in my r2 account settings?

Hey!

We have already some limitations:

You can always add an IP access Rule to prevent another sources to perform such actions.

Take care!

Can i set custom limit?

Yes, you can use presigned URLs to limit file size.

For example, using aws4fetch:

const signedUrl = await r2.sign(`https://[ACCOUNT-ID].cloudflarestorage.com/[BUCKET]/${filename}`,
        {
            method: "PUT",
            aws: { signQuery: true, allHeaders: true },
            headers: {
                "x-amz-expires": 14400,
                "x-amz-meta-custom": "Some custom value",
                "content-type": "image/jpeg",
                "content-length": contentLength // make sure this isn't larger than the maximum you want to allow
            },
        }
    );

It’s worth noting that signing a content-length requires the request to have that exact size, so you’ll need to get the file size upfront from the user during your process.

I use aws-sdk-js-v3 so I solved this issue with the following code similar to the one you replied to.

const signableHeaders = new Set<string>();
signableHeaders.add('content-length');
const uploadURL = await getSignedUrl(S3, new PutObjectCommand({Bucket: 'Bucket_Name', Key: 'example.zip', ContentLength: 10000 }), { expiresIn: 60 * 10, signableHeaders });