A recent RHEL patch supplied the following Tomcat packages which attempt to address a possible DoS attack as outlines at the link below:
tomcat5-jasper-5.5.23-0jpp.31.el5_8 tomcat5-server-lib-5.5.23-0jpp.31.el5_8 tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8 tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8 tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8 tomcat5-common-lib-5.5.23-0jpp.31.el5_8 tomcat5-webapps-5.5.23-0jpp.31.el5_8 tomcat5-5.5.23-0jpp.31.el5_8 http://rhn.redhat.com/errata/RHSA-2012-0474.html Since then I've encountered a problem with exceeding the maxParameterCount which seems to default at 512: May 4, 2012 2:30:27 PM org.apache.catalina.connector.Request parseParameters WARNING: Exception thrown whilst processing POSTed parameters java.lang.IllegalStateException: Parameter count exceeded allowed maximum: 512 at org.apache.tomcat.util.http.Parameters.addParam(Parameters.java:331) at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:407) at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:358) at org.apache.catalina.connector.Request.parseParameters(Request.java:2400) at org.apache.catalina.connector.Request.getParameterValues(Request.java:1063) at org.apache.catalina.connector.RequestFacade.getParameterValues(RequestFacade.java:394)......... I do not need it to be the old default of 10000 and I don't think I want to set it to unlimited (-1) but I do need more than 512 for the application I am supporting. Does anyone know how to tweak the maxParameterCount in a standalone Tomcat listening on 8080, requests are sent via Apache listening on 80? This is not Tomcat as supplied with JBoss, so a fix such as that detailed at the link below I do not think will work: http://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.3_Release_Notes/ar01s05.html Thanks in advance!
