Tim Starling wrote:
The problem is just that increasing the limits in our main Squid and Apache pool would create DoS vulnerabilities, including the prospect of "accidental DoS". We could offer this service via another domain name, with a specially-configured webserver, and a higher level of access control compared to ordinary upload to avoid DoS, but there is no support for that in MediaWiki.
We could theoretically allow uploads of several gigabytes this way, which is about as large as we want files to be anyway. People with flaky internet connections would hit the problem of the lack of resuming, but it would work for some.
-- Tim Starling
I don't think it wouldn't be a problem for MediaWiki if we wanted to go this route. There could be e.g. http://upload.en.wikipedia.org/ which redirected all wiki pages but Special:Upload to http://en.wikipedia.org/
The "normal" Special:Upload would need a redirect there, for accesses not going via $wgUploadNavigationUrl, but that's a couple of lines.
Having the normal Apaches handle uploads instead of a dedicated pool has some issues, including the DoS you mention, filled /tmp/s, needing write access to storage via NFS...