R2 Presigned URL : No upload limit ???!!! | Cloudflare Developers | Page 1

#R2 Presigned URL : No upload limit ???!!!

2 messages · Page 1 of 1 (latest)

open frigate Mar 6, 2025, 5:21 PM

Hey everyone,

I'm using presigned URLs to allow users to upload files directly to my R2 bucket, and I noticed that AWS S3 allows setting a content-length-range condition to restrict file size. However, I couldn't find any way to enforce a max file size limit in R2's presigned URLs.

Does this mean that anyone with the URL could upload huge files (even terabytes) to my bucket????!!! If so, what's the best way to prevent this? Any official way to enforce size limits at the R2 level?

Thanks!

dull hill Mar 7, 2025, 8:49 AM

The "presigned" part of presigned urls means that a signature of the URL is generated, and any change in the url will be detected.

You can find more information about presigned keys on cloudflare's documentation: https://developers.cloudflare.com/r2/api/s3/presigned-urls/

Cloudflare Docs

Presigned URLs · Cloudflare R2 docs

Presigned URLs are an S3 concept for sharing direct access to your bucket without revealing your token secret. A presigned URL authorizes anyone with the URL to perform an action to the S3 compatibility endpoint for an R2 bucket. By default, the S3 endpoint requires an AUTHORIZATION header signed by your token. Every presigned URL has S3 paramet...