You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/04/25 05:00:00 UTC

[jira] [Commented] (KNOX-2737) Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty server

    [ https://issues.apache.org/jira/browse/KNOX-2737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527304#comment-17527304 ] 

ASF subversion and git services commented on KNOX-2737:
-------------------------------------------------------

Commit 69bfd417263e62dd37d69979b627561aa2198573 in knox's branch refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=69bfd4172 ]

KNOX-2737 - Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty server (#563)



> Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty server
> ------------------------------------------------------------------------------------
>
>                 Key: KNOX-2737
>                 URL: https://issues.apache.org/jira/browse/KNOX-2737
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There are certain deployments, where increasing the {{maxFormContentSize}} configuration is required because the default 200kB is not enough in POST forms.
> Jetty checks these configurations on two levels: first in the context, and then, if the context is not available (it's a very rare non-typical Jetty deployment), looks it up in the server's attributes:
> {noformat}
> The form content that a request can process is limited to protect from Denial of Service attacks. The size in bytes is limited by {@link ContextHandler#getMaxFormContentSize()} or if there is no context then the "org.eclipse.jetty.server.Request.maxFormContentSize" {@link Server} attribute.
> The number of parameters keys is limited by {@link ContextHandler#getMaxFormKeys()} or if there is no context then the "org.eclipse.jetty.server.Request.maxFormKeys" {@link Server} attribute.{noformat}
> Please note that these configurations are controlled by the System properties called {{org.eclipse.jetty.server.Request.maxFormKeys}} and {{{}org.eclipse.jetty.server.Request.maxFormContentSize{}}}.
> This Jira is about to override them in {{{}gateway-site.xml{}}}.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)