Hi, On Fri, Jul 17, 2015 at 5:11 PM, Thomas <[email protected]> wrote: > Hi, > > i look for an way to define an hard limit for the Maximum Request size an > client is able to send. > To be more specific mainly the request body is in my concern. The limit > "maxFormContentSize" only works > for form data. But not for text/xml body and maybe even only if there is an > content-length header. > But for security reason i like to limit raw upload also. That mean > 1) If Content-Length is larger than limit close the connection the hard way. > 2) If no content-lengthand there is read more than limit bytes from input > stream/reader > also disconnect the connection. > Since this is for security i think it should be an server parameter.
Generally you can implement this with a ServletFilter if you are using blocking APIs such as ServletInputStream. For asynchronous APIs a ServletFilter won't work. The filter could check Content-Length and if absent, wrap the InputStream and control how much it reads. Alternatively, you can file an issue at https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty, but no promises on when it'll be implemented. -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
