You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2022/04/22 12:57:00 UTC
[jira] [Work started] (KNOX-2737) Make maxFormContentSize and maxFormKeys configurable in our embedded Jetty server
[ https://issues.apache.org/jira/browse/KNOX-2737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on KNOX-2737 started by Sandor Molnar.
-------------------------------------------
> Make maxFormContentSize and maxFormKeys configurable in our embedded Jetty server
> ---------------------------------------------------------------------------------
>
> Key: KNOX-2737
> URL: https://issues.apache.org/jira/browse/KNOX-2737
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 2.0.0
>
>
> There are certain deployments, where increasing the {{maxFormContentSize}} configuration is required because the default 200kB is not enough in POST forms.
> Jetty checks these configurations on two levels: first in the context, and then, if the context is not available (it's a very rare non-typical Jetty deployment), looks it up in the server's attributes:
> {noformat}
> * The form content that a request can process is limited to protect from Denial of Service attacks. The size in bytes is limited by
> * {@link ContextHandler#getMaxFormContentSize()} or if there is no context then the "org.eclipse.jetty.server.Request.maxFormContentSize" {@link Server}
> * attribute. The number of parameters keys is limited by {@link ContextHandler#getMaxFormKeys()} or if there is no context then the
> * "org.eclipse.jetty.server.Request.maxFormKeys" {@link Server} attribute.{noformat}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)