We have identified an issue with the system that we are developing where a user can send large amounts of data to an action and cause the system to deny other requests to get in. We tried to get apache to limit the request size, but it will not limit the request size for requests that are forwarded to the servlet container.
A good idea to prevent denial of service attacks to struts applications might be to allow the action servlet to reject requests with content-length larger than a configurable amount. I think that many sites would benefit from having added protection at the servlet layer independent of the container that they are using. Thanks, dave -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
