Do you have  $CGI::POST_MAX = 1024 * 1024 * 20 in /cgi-bin/start_analysis.cgi ?

Are you kidding me? That was absolutely the solution. For the internet's future reference (and in case anyone besides me is still using CGI), POST_MAX has to be set in the script receiving the POST, not the script sending the POST. I don't know why that wasn't clear, but it absolutely wasn't. The CGI documentation left me with the impression that POST_MAX would prevent a script from submitting a too-large post, not that it would prevent a script from receiving a too-large post.

Thank you!

Don't feel bad. Easy and common mistake for early attempts in this area. Note however that the first form/CGI does not send the POST at all; it sends nothing to the second. It presents a form to the browser which gives the browser the parameters that it should POST and where to do it.

..mmh what I'd try too will be setting $CGI::POST_MAX even before CGI::Carp or even in a BEGIN block just after use CGI

you can also try to do the job on your own, like in A serious security problem with CGI.pm 3.01?:

BEGIN # run before anything
{
  my $POST_MAX = -1;
  my $CL = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 
+0;

    if(($POST_MAX > 0) and ($CL > $POST_MAX))
    {
        print "Content-Type: text/plain\n",
              "Status: 413\n\n",
              "413 Request entity too large";
        exit;
    }
}
[download]

Infact this seems very simliar to what happens in the CGI.pm code:

METHOD: {

      # avoid unreasonably large postings
      if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
    #discard the post, unread
    $self->cgi_error("413 Request entity too large");
    last METHOD;
      }
[download]

See also Detecting when a $CGI::POST_MAX limit is exceeded and CGI.pm file upload freaking me out

L*

Cool. Thank you. Now that poj has pointed out the apparently obvious to me below, I like your begin-block approach as it provides for better error-handling and can give the user with more useful feedback. Thanks for taking the time to reply.

..mmh what I'd try too will be setting $CGI::POST_MAX even before CGI::Carp or even in a BEGIN block just after use CGI

No need for any such extra typing , the documentation doesn't lie, and it is as simple as use CGI; $CGI::POST_MAX=...; ... and it should works 100% of the time.

you can also try to do the job on your own, like in A serious security problem with CGI.pm 3.01?:

No no no, that node is ~two decades old. If you're using CGI.pm that old upgrade.

Infact this seems very simliar to what happens in the CGI.pm code: You can insert temporarly some debug statements here in the module to dump what $content_length is at the moment.

A presumed beginner is supposed to debug CGI.pm? No way. Not funny. No.

See also Detecting when a $CGI::POST_MAX limit is exceeded and CGI.pm file upload freaking me out

Meh, long and exactly relevant .... shortcut https://metacpan.org/pod/CGI#Retrieving-cgi-errors

"...limit uploads..."

You might take a look at File uploads with Mojolicious. And for further inspiration please see The Long Death of CGI.pm, Alternative to CGI.pm, Re^3: How do I run a loop within a PSGI application, and Re: Best practices: Generating HTML content.

Best regards, Karl

Thanks, Karl. This project is already way too far along in CGI for me to consider re-doing it in Mojolicious or something similar, but if I ever try to convert another bioinformatic pipeline of mine to a web application (honestly, not likely), I'll consider another approach like you've suggested.

Thanks!

Hmm, none of those links show how to limit the size of uploads

Ibidem, a bit below...?

"To protect you from excessively large files there is also a limit of 16MiB by default, which you can tweak with the attribute "max_request_size" in Mojolicious."

# Increase limit to 1GiB
app->max_request_size(1073741824);
[download]

«The Crux of the Biscuit is the Apostrophe»

perl -MCrypt::CBC -E 'say Crypt::CBC->new(-key=>'kgb',-cipher=>"Blowfish")->decrypt_hex($ENV{KARL});'Help

Hi

Which version of CGI.pm do you have?