Using HTTP POST for denial of service
Posted Dec 2, 2010 19:34 UTC (Thu) by adamgundy (subscriber, #5418)
In reply to: Using HTTP POST for denial of service by adamgundy
Parent article: Using HTTP POST for denial of service
most sites that accept content uploads have to work around the fact that browsers don't display any useful progress messages when uploading a file (why? historical I think). they usually end up providing a flash plugin (sigh), then a non-flash solution for flash-refusers (including the vast crowd using any device named iXXXX).
the non-flash solution typically involves polling the server every few seconds to ask 'how much now?' over and over (recent browser enhancements let you get this info client side, but you have to support IE6+ of course - sigh again).
SO: nginx (or any 'caching' proxy) thoughtfully collects all the data before handing it off to the backend server (PHP, ruby, ASP, whatever), and the answer to your poll requests is always 'zero' until it's suddenly '100%'. most of these servers (nginx included) now provide builtin 'upload monitoring' modules that let you poll a particular page to retrieve the answer direct from the proxy instead of your backend script... but that means rewriting your polling code (hiring a web developer, checking that it works, blah, blah - instead of just getting your sysadmin to stick a proxy in front of your web server).
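The polling behaviour described in the comment above, as an added simulation that is not part of the original comment: a backend progress counter is polled after each chunk of an upload, once with the client connected directly and once behind a proxy that collects the whole body first. The class names, chunk sizes and the proxy-side `progress()` method are assumptions made for illustration and do not model any particular server or module.

```python
# Constructed simulation: backend-side upload progress with and without a
# buffering proxy in front. All names and sizes here are hypothetical.

class Backend:
    """Stands in for the upload script; it only sees bytes handed to it."""
    def __init__(self, expected):
        self.expected = expected
        self.received = 0

    def feed(self, chunk):
        self.received += len(chunk)

    def progress(self):
        return 100 * self.received // self.expected


class BufferingProxy:
    """Collects the full request body before handing it to the backend."""
    def __init__(self, backend, expected):
        self.backend = backend
        self.expected = expected
        self.buffer = bytearray()

    def feed(self, chunk):
        self.buffer += chunk
        if len(self.buffer) >= self.expected:
            # Only now does the backend see any data, and it sees all of it.
            self.backend.feed(bytes(self.buffer))

    def progress(self):
        # What a proxy-side monitoring endpoint could answer instead.
        return 100 * len(self.buffer) // self.expected


def simulate(buffered, body=b"x" * 4000, chunk_size=1000):
    """Return (backend_polls, front_polls), one poll after each chunk."""
    backend = Backend(len(body))
    front = BufferingProxy(backend, len(body)) if buffered else backend
    backend_polls, front_polls = [], []
    for off in range(0, len(body), chunk_size):
        front.feed(body[off:off + chunk_size])
        backend_polls.append(backend.progress())
        front_polls.append(front.progress())
    return backend_polls, front_polls


if __name__ == "__main__":
    print("direct  :", simulate(buffered=False))
    print("buffered:", simulate(buffered=True))
```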