You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kai Weber <ka...@glorybox.de> on 2012/12/13 14:02:46 UTC
Does maxPostSize has an effect on file upload?
I see the following behaviour on Tomcat 6.0.24:
The maxPostSize is not set, so uses the default of 2MB. I can upload files
bigger than 2MB (5MB for example). I use commons-fileupload to read the file.
Does a file upload as multipart/form-data not count to the size of the POST?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Does maxPostSize has an effect on file upload?
Posted by "Williams, Nick" <ni...@ul.com>.
A valid point that I have not considered. Since parseParameters() is not called until you get the request parameters or parts, a developer could getInputStream() and parse all the parts/parameters themselves, thereby completely skipping the maxPostSize checks. Thanks for correcting me here, Mark.
Nick
-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org]
Sent: Friday, December 14, 2012 3:17 PM
To: Tomcat Users List
Subject: Re: Does maxPostSize has an effect on file upload?
On 14/12/2012 19:58, Williams, Nick wrote:
> (Note: It's entirely possible that I'm reading the code wrong.
Yes you are. Not completely wrongly but there are errors.
The short version is as follows:
If Tomcat is responsible for reading the request body such as via a call to a method like getParameters(), getParts() etc. then Tomcat will apply the maxPostSize limit.
If the application is responsible for reading the request body then the limit does not apply. Hence if an application uses a third-party file upload library or just calls getInputStream() or getReader() the limit will not apply.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
This e-mail may contain privileged or confidential information. If you are not the intended recipient: (1) you may not disclose, use, distribute, copy or rely upon this message or attachment(s); and (2) please notify the sender by reply e-mail, and then delete this message and its attachment(s). Underwriters Laboratories Inc. and its affiliates disclaim all liability for any errors, omissions, corruption or virus in this message or any attachments.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Mark Thomas <ma...@apache.org>.
On 14/12/2012 19:58, Williams, Nick wrote:
> (Note: It's entirely possible that I'm reading the code wrong.
Yes you are. Not completely wrongly but there are errors.
The short version is as follows:
If Tomcat is responsible for reading the request body such as via a call
to a method like getParameters(), getParts() etc. then Tomcat will apply
the maxPostSize limit.
If the application is responsible for reading the request body then the
limit does not apply. Hence if an application uses a third-party file
upload library or just calls getInputStream() or getReader() the limit
will not apply.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [OT] Does maxPostSize has an effect on file upload?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Nick,
On 12/14/12 5:36 PM, Williams, Nick wrote:
>> The way Tomcat is apparently doing it now is much more sensible,
>> in my humble opinion, because it does allow a direct and easy
>> comparison with the files being uploaded. And since as per above
>> it needs to be kept in some cases anyway, my vote - if I had one
>> - would be to not change it.
>
> I must agree with André. The process of base64 encoding a file
> increases the number of bytes it takes to transmit it. But since
> that is not the actual size of the file, the extra length should
> not be counted towards the post size. The process by which the part
> lengths are added up DECODED is a much more accurate way to do it,
> in my opinion.
Right.
It also protects against uploading a file using gzip encoding where
the actual file is larger that the "upload limit".
It also means that uploading a zip bomb[1] can be detected and prevented.
Reasonable people can argue about the appropriateness of the first
point above (is the admin trying to cap the number of bytes uploaded
or the number of bytes effectively placed on the filesystem?) but the
second one is very important to the stability of a server.
> How confusing would it be to a user who uploads a file that is
> 1,989,956 bytes to get notified that the file exceeded the 2 MB
> limit? The user certainly wouldn't understand that his file base64
> encoded was larger than 2 MB. He would think the site was broken.
Files are rarely uploaded using base64 over HTTP -- that kind of thing
is much more common when using binary-intolerant systems like SMTP.
I'm not sure any normal user-agents can upload using base64, anyway. I
think you basically have identity, compress, gzip, and deflate
content-encodings. Anything done with base64 would have to have a
custom client and the webapp would have to handle the decoding.
- -chris
[1] http://en.wikipedia.org/wiki/Zip_bomb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEAREIAAYFAlDPcSUACgkQ9CaO5/Lv0PDmOgCePVBEtJBvjvZKA8Y6q0HJKxx6
v/gAoJwZePfcY+yiCO6A1YtciYH9cJZZ
=sG2l
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Does maxPostSize has an effect on file upload?
Posted by "Williams, Nick" <ni...@ul.com>.
> The way Tomcat is apparently doing it now is much more sensible, in my humble opinion, because it does allow a direct and easy comparison with the files being uploaded.
> And since as per above it needs to be kept in some cases anyway, my vote - if I had one - would be to not change it.
I must agree with André. The process of base64 encoding a file increases the number of bytes it takes to transmit it. But since that is not the actual size of the file, the extra length should not be counted towards the post size. The process by which the part lengths are added up DECODED is a much more accurate way to do it, in my opinion. How confusing would it be to a user who uploads a file that is 1,989,956 bytes to get notified that the file exceeded the 2 MB limit? The user certainly wouldn't understand that his file base64 encoded was larger than 2 MB. He would think the site was broken.
N
This e-mail may contain privileged or confidential information. If you are not the intended recipient: (1) you may not disclose, use, distribute, copy or rely upon this message or attachment(s); and (2) please notify the sender by reply e-mail, and then delete this message and its attachment(s). Underwriters Laboratories Inc. and its affiliates disclaim all liability for any errors, omissions, corruption or virus in this message or any attachments.
Re: Does maxPostSize has an effect on file upload?
Posted by André Warnier <aw...@ice-sa.com>.
Mark Thomas wrote:
> On 14/12/2012 21:13, André Warnier wrote:
>
> <snip/>
>
>> If it's "multipart/form-data", it delegates to another method,
>> parseParts().
>
> <snip/>
>
>> Why the Content-Length is not checked, I am unsure. It seems it would
>> be less expensive to throw the exception before ever trying to parse the
>> parts. However, this APPEARS to be the functional equivalent of checking
>> the Content-Length.
>
> I think that is simply an oversight in the commit [1] that added the
> checking. If a content-length is present then checking it would be
> simpler. The existing checks need to be kept for the chunked request
> body case.
>
> As always, patches welcome.
>
In the Apache httpd DAV implementation, the LimitXMLRequestBody is the only way to control
the maximum size of an upload. It is a p-i-t-a, because that size does not relate easily
to the size of the file one is really uploading, making it difficult to set a sensible limit.
The way Tomcat is apparently doing it now is much more sensible, in my humble opinion,
because it does allow a direct and easy comparison with the files being uploaded.
And since as per above it needs to be kept in some cases anyway, my vote - if I had one -
would be to not change it.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Mark Thomas <ma...@apache.org>.
On 14/12/2012 21:13, André Warnier wrote:
<snip/>
> If it's "multipart/form-data", it delegates to another method,
> parseParts().
<snip/>
> Why the Content-Length is not checked, I am unsure. It seems it would
> be less expensive to throw the exception before ever trying to parse the
> parts. However, this APPEARS to be the functional equivalent of checking
> the Content-Length.
I think that is simply an oversight in the commit [1] that added the
checking. If a content-length is present then checking it would be
simpler. The existing checks need to be kept for the chunked request
body case.
As always, patches welcome.
Mark
[1] http://svn.apache.org/viewvc?view=revision&revision=1195968
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Mark Thomas <ma...@apache.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 17/12/2012 19:11, Christopher Schultz wrote:
> Nick,
>
> On 12/14/12 4:28 PM, Williams, Nick wrote:
>>> If it was using the global Content-length header, it would
>>> count not only the encoded data bytes, but also the parts
>>> separators, headers etc..
>
>>> So that's nice. It counts only the net data bytes, which is
>>> easier to compare to the size on disk of a file that you would
>>> upload.
>
>> Indeed. A great explanation for why this would be done, and a
>> much more logical way to do it than just using Content-Length
>> ("the easy way out").
>
> Also, Tomcat has to fully drain the input stream, anyway, so
> bombing "earlier" by checking the Content-Length doesn't actually
> improve anything.
Not quite. There is a little more to it than that and the exact
behaviour varies depending on the circumstances. See [1] and look for
swallowAbortedUploads. It explains what happens quite nicely.
Mark
[1] http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBAgAGBQJQ0EboAAoJEBDAHFovYFnnQ7QQANyzCqL1zpv5r8L1HVT4abaR
0kTy4D5Er4TDsmhA+TvWonGLrNj9nK58OOb5hxx2xz63xLBg/MxjGmo6txxaoxe7
ZYL6wmL2iCp2pthJyhpXA9xFfZvyGfhbmNpxKQ8RHbL3vru5FTPwt69TtpFjtjrL
UJmyZ3LYGjVaDlad6fyR/ZuxmlwxApd1vYDjmNbRUTTL4b3pcSyKYkH9UBs3ukih
toQGU9cCnSwwGRnQaZngvBB8uvedP35j4H2zTkRAhoZ3Il/rVrtDexh+ibgp+tBq
TAat4YSmIgBob7BQMMMFjdWezLn4Zuh99s+oSS1GAO8FkcCw+DfrlodGVFSDjhe4
HwomlIw+1ehLdmAd75D7kkL1arvv7l4Csk+HrC/TFSwyrsfHlOMn7rsam0sXicJ5
jyN17JJK0iY+sddU6E6WVafAKqET5g6bO3s0FtPmREuvQveSwDlz3d4JDK7S/4QN
O9B9cEE4WlroGboNM9CZgdi35JYkM1BfVjm6MIph2ILvnDj+h+pBbmg9lgLO4iH2
uBj3FEJ5Y+7WtLKwNPcJUMD/ErcUoWKQM6yf8fscrARNvu0wBnF8qamvqXGKFlnt
EvetAbSTe31cRbUrDDk8eSmuzpQAvcsuMaUA0/LhvlYkkPSquA9iiKiURk2ZIZo3
lUH9LwbGwVvns6T+bIjF
=ZQTL
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Nick,
On 12/14/12 4:28 PM, Williams, Nick wrote:
>> If it was using the global Content-length header, it would count
>> not only the encoded data bytes, but also the parts separators,
>> headers etc..
>
>> So that's nice. It counts only the net data bytes, which is
>> easier to compare to the size on disk of a file that you would
>> upload.
>
> Indeed. A great explanation for why this would be done, and a much
> more logical way to do it than just using Content-Length ("the
> easy way out").
Also, Tomcat has to fully drain the input stream, anyway, so bombing
"earlier" by checking the Content-Length doesn't actually improve
anything.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEAREIAAYFAlDPbmsACgkQ9CaO5/Lv0PDEQgCfYIxtmmsCqWthDN5fciu4CYup
l80An3Bt3nlSB0zfe3YN6ax1VHnnx7o/
=Eny7
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Does maxPostSize has an effect on file upload?
Posted by "Williams, Nick" <ni...@ul.com>.
> If it was using the global Content-length header, it would count not only the encoded data bytes, but also the parts separators, headers etc..
> So that's nice. It counts only the net data bytes, which is easier to compare to the size on disk of a file that you would upload.
Indeed. A great explanation for why this would be done, and a much more logical way to do it than just using Content-Length ("the easy way out").
Thanks!
This e-mail may contain privileged or confidential information. If you are not the intended recipient: (1) you may not disclose, use, distribute, copy or rely upon this message or attachment(s); and (2) please notify the sender by reply e-mail, and then delete this message and its attachment(s). Underwriters Laboratories Inc. and its affiliates disclaim all liability for any errors, omissions, corruption or virus in this message or any attachments.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by André Warnier <aw...@ice-sa.com>.
Williams, Nick wrote:
> So I read some code in org.apache.catalina.connector.Request.java. When parseParameters() is called, it checks whether the Content-Type is "multipart/form-data" or "application/x-www-form-urlencoded". If it's "application/x-www-form-urlencoded", it checks to make sure that the Content-Length is not greater than maxPostSize.
That is probably because in that case, the body is not encoded, and the Content-length
matches the length of the posted data.
If it's "multipart/form-data", it delegates to another method, parseParts().
>
> In parseParts(), the code begins looping over the parts and placing them into the list of parts for the request. As it processes each part, it adds the size (in bytes) of that part (including the part contents or file contents if this is a file upload) to an aggregate post size variable. If at any point the aggregate post size exceeds the maxPostSize variable, it fails.
This thus looks like it applies to the total size of the parts, after decoding the ones
that are Base-64 encoded (such as uploaded files contents).
Why the Content-Length is not checked, I am unsure. It seems it would be less expensive
to throw the exception before ever trying to parse the parts. However, this APPEARS to be
the functional equivalent of checking the Content-Length.
If it was using the global Content-length header, it would count not only the encoded data
bytes, but also the parts separators, headers etc..
So that's nice. It counts only the net data bytes, which is easier to compare to the size
on disk of a file that you would upload.
>
> So, it would seem that maxPostSize does, indeed, affect file uploads, and that if the total size of your request, including file parts, exceeds maxPostSize, that the request will fail. Whether this behavior is consistent with that specified in the spec, I am not an expert on that.
>
You've done a pretty good job so far, I believe.
What maybe is the difference here, is that you probably looked at the Tomcat 7 code, in
which I believe the FileUpload code has been integrated/merged.
Maybe in Tomcat 6 it is different, and when FileUpload is used, it doesn't count the
bytes, or doesn't pass the result back to Tomcat to match the MaxPostSize ?
> Not that it matters, but this behavior is consistent with the land of PHP, where a maxUploadFileSize value of 50MB does you no good if you forget to increas your maxPostSize from the default of 5MB.
>
> (Note: It's entirely possible that I'm reading the code wrong. I would suggest that an experiment might solve this conclusively, but perhaps that has been tried and I missed that somewhere in the chain.)
>
> Nick
>
> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com]
> Sent: Friday, December 14, 2012 1:15 PM
> To: Tomcat Users List
> Subject: Re: Does maxPostSize has an effect on file upload?
>
> Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Chuck,
>>
>> On 12/14/12 12:38 PM, Caldarale, Charles R wrote:
>>>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>>>> Subject: Re: Does maxPostSize has an effect on file upload?
>>>>>> Does a file upload as multipart/form-data not count to the size of
>>>>>> the POST?
>>>>> No, as the doc make clear.
>>>> I'm not so sure the docs make it clear.
>>> I think you have to read the relevant RFC:
>>> http://www.ietf.org/rfc/rfc1867.txt which is implicitly part of the
>>> doc.
>> I'm not sure what part of that spec would apply.
>>
>> Given the (Tomcat) documentation, one might reasonably believe that
>> the maxPostSize would refer to either the total Content-Length for an
>> application/x-www-form-urlencoded POST message or an individual
>> Content-Length of a single part of a multipart/form-data POST message.
>>
>> The latter is not the case, and I think it's worth pointing that out.
>>
>
> Just a suggestion : maybe one of the Tomcat/Java gurus here could first explain to what the maxPostSize attribute of the Connector really does relate ?
> What /is/ being measured there ?
> Is it, like, just the request's "Content-length" header, or is there a counter which really counts the bytes being read e.g.
> (and yes, obviously, if this is limited to an "application/x-www-form-urlencoded" POST, then it wouldn't be just the Content-length header) (and, if it covers a "multipart/form-data" POST, then is it the total body size, before of after decoding the Base-64 encoded bits ?) After all, this is a "Tomcat users" list, not a "Tomcat dev" list; so we can't really expect the public here to go delve into the Java code to find out.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> This e-mail may contain privileged or confidential information. If you are not the intended recipient: (1) you may not disclose, use, distribute, copy or rely upon this message or attachment(s); and (2) please notify the sender by reply e-mail, and then delete this message and its attachment(s). Underwriters Laboratories Inc. and its affiliates disclaim all liability for any errors, omissions, corruption or virus in this message or any attachments.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Does maxPostSize has an effect on file upload?
Posted by "Williams, Nick" <ni...@ul.com>.
So I read some code in org.apache.catalina.connector.Request.java. When parseParameters() is called, it checks whether the Content-Type is "multipart/form-data" or "application/x-www-form-urlencoded". If it's "application/x-www-form-urlencoded", it checks to make sure that the Content-Length is not greater than maxPostSize. If it's "multipart/form-data", it delegates to another method, parseParts().
In parseParts(), the code begins looping over the parts and placing them into the list of parts for the request. As it processes each part, it adds the size (in bytes) of that part (including the part contents or file contents if this is a file upload) to an aggregate post size variable. If at any point the aggregate post size exceeds the maxPostSize variable, it fails. Why the Content-Length is not checked, I am unsure. It seems it would be less expensive to throw the exception before ever trying to parse the parts. However, this APPEARS to be the functional equivalent of checking the Content-Length.
So, it would seem that maxPostSize does, indeed, affect file uploads, and that if the total size of your request, including file parts, exceeds maxPostSize, that the request will fail. Whether this behavior is consistent with that specified in the spec, I am not an expert on that.
Not that it matters, but this behavior is consistent with the land of PHP, where a maxUploadFileSize value of 50MB does you no good if you forget to increas your maxPostSize from the default of 5MB.
(Note: It's entirely possible that I'm reading the code wrong. I would suggest that an experiment might solve this conclusively, but perhaps that has been tried and I missed that somewhere in the chain.)
Nick
-----Original Message-----
From: André Warnier [mailto:aw@ice-sa.com]
Sent: Friday, December 14, 2012 1:15 PM
To: Tomcat Users List
Subject: Re: Does maxPostSize has an effect on file upload?
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Chuck,
>
> On 12/14/12 12:38 PM, Caldarale, Charles R wrote:
>>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>>> Subject: Re: Does maxPostSize has an effect on file upload?
>>>>> Does a file upload as multipart/form-data not count to the size of
>>>>> the POST?
>>>> No, as the doc make clear.
>>> I'm not so sure the docs make it clear.
>> I think you have to read the relevant RFC:
>> http://www.ietf.org/rfc/rfc1867.txt which is implicitly part of the
>> doc.
>
> I'm not sure what part of that spec would apply.
>
> Given the (Tomcat) documentation, one might reasonably believe that
> the maxPostSize would refer to either the total Content-Length for an
> application/x-www-form-urlencoded POST message or an individual
> Content-Length of a single part of a multipart/form-data POST message.
>
> The latter is not the case, and I think it's worth pointing that out.
>
Just a suggestion : maybe one of the Tomcat/Java gurus here could first explain to what the maxPostSize attribute of the Connector really does relate ?
What /is/ being measured there ?
Is it, like, just the request's "Content-length" header, or is there a counter which really counts the bytes being read e.g.
(and yes, obviously, if this is limited to an "application/x-www-form-urlencoded" POST, then it wouldn't be just the Content-length header) (and, if it covers a "multipart/form-data" POST, then is it the total body size, before of after decoding the Base-64 encoded bits ?) After all, this is a "Tomcat users" list, not a "Tomcat dev" list; so we can't really expect the public here to go delve into the Java code to find out.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
This e-mail may contain privileged or confidential information. If you are not the intended recipient: (1) you may not disclose, use, distribute, copy or rely upon this message or attachment(s); and (2) please notify the sender by reply e-mail, and then delete this message and its attachment(s). Underwriters Laboratories Inc. and its affiliates disclaim all liability for any errors, omissions, corruption or virus in this message or any attachments.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by André Warnier <aw...@ice-sa.com>.
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Chuck,
>
> On 12/14/12 12:38 PM, Caldarale, Charles R wrote:
>>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>>> Subject: Re: Does maxPostSize has an effect on file upload?
>>>>> Does a file upload as multipart/form-data not count to the
>>>>> size of the POST?
>>>> No, as the doc make clear.
>>> I'm not so sure the docs make it clear.
>> I think you have to read the relevant RFC:
>> http://www.ietf.org/rfc/rfc1867.txt which is implicitly part of the
>> doc.
>
> I'm not sure what part of that spec would apply.
>
> Given the (Tomcat) documentation, one might reasonably believe that
> the maxPostSize would refer to either the total Content-Length for an
> application/x-www-form-urlencoded POST message or an individual
> Content-Length of a single part of a multipart/form-data POST message.
>
> The latter is not the case, and I think it's worth pointing that out.
>
Just a suggestion : maybe one of the Tomcat/Java gurus here could first explain to what
the maxPostSize attribute of the Connector really does relate ?
What /is/ being measured there ?
Is it, like, just the request's "Content-length" header, or is there a counter which
really counts the bytes being read e.g.
(and yes, obviously, if this is limited to an "application/x-www-form-urlencoded" POST,
then it wouldn't be just the Content-length header)
(and, if it covers a "multipart/form-data" POST, then is it the total body size, before of
after decoding the Base-64 encoded bits ?)
After all, this is a "Tomcat users" list, not a "Tomcat dev" list; so we can't really
expect the public here to go delve into the Java code to find out.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Chuck,
On 12/14/12 12:38 PM, Caldarale, Charles R wrote:
>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>> Subject: Re: Does maxPostSize has an effect on file upload?
>
>>>> Does a file upload as multipart/form-data not count to the
>>>> size of the POST?
>
>>> No, as the doc make clear.
>
>> I'm not so sure the docs make it clear.
>
> I think you have to read the relevant RFC:
> http://www.ietf.org/rfc/rfc1867.txt which is implicitly part of the
> doc.
I'm not sure what part of that spec would apply.
Given the (Tomcat) documentation, one might reasonably believe that
the maxPostSize would refer to either the total Content-Length for an
application/x-www-form-urlencoded POST message or an individual
Content-Length of a single part of a multipart/form-data POST message.
The latter is not the case, and I think it's worth pointing that out.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEAREIAAYFAlDLdMcACgkQ9CaO5/Lv0PCkPwCghEQ2KYNPSCV+buGj/VtDvmme
e/cAoJ3ci461Q4xD992azyLQi8FxRAym
=+GMt
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Does maxPostSize has an effect on file upload?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Re: Does maxPostSize has an effect on file upload?
> > > Does a file upload as multipart/form-data not count to the size
> > > of the POST?
> > No, as the doc make clear.
> I'm not so sure the docs make it clear.
I think you have to read the relevant RFC:
http://www.ietf.org/rfc/rfc1867.txt
which is implicitly part of the doc.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 12/13/12 10:27 AM, Mark Thomas wrote:
>
>
> Kai Weber <ka...@glorybox.de> wrote:
>
>> I see the following behaviour on Tomcat 6.0.24:
>>
>> The maxPostSize is not set, so uses the default of 2MB. I can
>> upload files bigger than 2MB (5MB for example). I use
>> commons-fileupload to read the file.
>
> As expected.
>
>> Does a file upload as multipart/form-data not count to the size
>> of the POST?
>
> No, as the doc make clear.
I'm not so sure the docs make it clear. Here's what that attribute
currently says (in its entirety):
"
The maximum size in bytes of the POST which will be handled by the
container FORM URL parameter parsing. The limit can be disabled by
setting this attribute to a value less than or equal to 0. If not
specified, this attribute is set to 2097152 (2 megabytes).
"
It says "FORM URL parameter parsing". That may be some kind of code
that means "only when the type is application/x-www-form-urlencoded".
We could probably explicitly state that multipart requests are
excepted from this limit.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEAREIAAYFAlDLW7UACgkQ9CaO5/Lv0PANRgCfUA69SHOZk5O87VlcoFz4LELt
lYQAoMH4B2tFFDnARGkRoB5BDR2GxfV1
=itOY
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Kai Weber <ka...@glorybox.de>.
* Mark Thomas <ma...@apache.org>:
> >Does a file upload as multipart/form-data not count to the size of the
> >POST?
>
> No, as the doc make clear.
I asked because I could not find a hint in the docs or the INTERNET. What doc
do you mean? I looked into http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
for maxPostSize.
Thanks, Kai
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Does maxPostSize has an effect on file upload?
Posted by Mark Thomas <ma...@apache.org>.
Kai Weber <ka...@glorybox.de> wrote:
>I see the following behaviour on Tomcat 6.0.24:
>
>The maxPostSize is not set, so uses the default of 2MB. I can upload
>files
>bigger than 2MB (5MB for example). I use commons-fileupload to read the
>file.
As expected.
>Does a file upload as multipart/form-data not count to the size of the
>POST?
No, as the doc make clear.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org