[jira] [Commented] (KNOX-2737) Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty server

Thu, 23 Jun 2022 02:12:06 -0700 


    [ 
https://issues.apache.org/jira/browse/KNOX-2737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17557897#comment-17557897
 ] 

ASF subversion and git services commented on KNOX-2737:
-------------------------------------------------------

Commit 69bfd417263e62dd37d69979b627561aa2198573 in knox's branch 
refs/heads/dependabot/npm_and_yarn/knox-token-management-ui/minimist-1.2.6 from 
Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=69bfd4172 ]

KNOX-2737 - Make maxFormContentSize and maxFormKeys configurable in Knox's 
embedded Jetty server (#563)



> Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty 
> server
> ------------------------------------------------------------------------------------
>
>                 Key: KNOX-2737
>                 URL: https://issues.apache.org/jira/browse/KNOX-2737
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There are certain deployments, where increasing the {{maxFormContentSize}} 
> configuration is required because the default 200kB is not enough in POST 
> forms.
> Jetty checks these configurations on two levels: first in the context, and 
> then, if the context is not available (it's a very rare non-typical Jetty 
> deployment), looks it up in the server's attributes:
> {noformat}
> The form content that a request can process is limited to protect from Denial 
> of Service attacks. The size in bytes is limited by {@link 
> ContextHandler#getMaxFormContentSize()} or if there is no context then the 
> "org.eclipse.jetty.server.Request.maxFormContentSize" {@link Server} 
> attribute.
> The number of parameters keys is limited by {@link 
> ContextHandler#getMaxFormKeys()} or if there is no context then the 
> "org.eclipse.jetty.server.Request.maxFormKeys" {@link Server} 
> attribute.{noformat}
> Please note that these configurations are controlled by the System properties 
> called {{org.eclipse.jetty.server.Request.maxFormKeys}} and 
> {{{}org.eclipse.jetty.server.Request.maxFormContentSize{}}}.
> This Jira is about to override them in {{{}gateway-site.xml{}}}.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to