Tim Starling wrote:
The problem is just that increasing the limits in our
main Squid and
Apache pool would create DoS vulnerabilities, including the prospect
of "accidental DoS". We could offer this service via another domain
name, with a specially-configured webserver, and a higher level of
access control compared to ordinary upload to avoid DoS, but there is
no support for that in MediaWiki.
We could theoretically allow uploads of several gigabytes this way,
which is about as large as we want files to be anyway. People with
flaky internet connections would hit the problem of the lack of
resuming, but it would work for some.
-- Tim Starling
I don't think it wouldn't be a problem for MediaWiki if we wanted to go
this route. There could be eg.
http://upload.en.wikipedia.org/ which
redirected all wiki pages but Special:Upload to
http://en.wikipedia.org/
The "normal" Special:Upload would need a redirect there, for accesses
not going via $wgUploadNagivationUrl, but that's a couple of lines.
Having the normal apaches handle uploads instead of a dedicated pool has
some issues, including the DoS you mention, filled /tmp/s, needing write
access to storage via nfs...