>Number: 5801
>Category: general
>Synopsis: JServ will not accept large amounts of name/vaule pairs using
>the POST method.
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Feb 22 15:10:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Release: 1.3.9 + JServ1.1
>Organization:
apache
>Environment:
RedHat-Lynx
JDK1.1.8
>Description:
I am running in to something strange when receiving large amounts of name value
pairs from a Html form
using a POST method. It seems the Apache JServ has some limit for the
amount of name/value pairs it can receive.
I would expect this type of behavior when using the GET method but not
the POST. Let me back up by saying
that our development webserver (Java Web Server) runs the code just
fine it's only with JServ where the
problem arises. My question is do you know of any configuration file
in JServ or Apache that limits a POST
request maybe for security reason, or do you know of any way to have
the "HTTPRequest" object of a
Servlet force the webserver to accept any length of an request. It
seems very strange that this type of restriction
would be the default behavior of the Apache JServ.
This is a database app, the test data which in our case is a
very small compared to the real world. In any case the test data
we are using in the Html from is comprised of (10 name/vaule
pairs) * 24 entries = 240 name/values total. The problem
that arises is our array which is being filled by the
"HttpServletRequest.getParameterValues()" is only receiving half
the name/value pairs. Now before you say the array is not large
enough keep in mind the are no exception thrown and
it works perfectly on the Java Web Server.
>How-To-Repeat:
Create a Html form with over 200 name/value pairs. Create a servlet which needs
to recieve all name/vaule pairs using the
"HttpServletRequest.getParameterValues()" method.
>Fix:
If there is some type of limit in which Apache recieves POST data this is
incorrect. The GET method should be limited not POST, acording to CGI and
Servlet standards.
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
