PR #12559 - changes to OpenID docs from review
Signed-off-by: Lachlan Roberts <lachlan.p.roberts@gmail.com>
1 parent 183e34c, commit 2da9e40
Showing 1 changed file with 53 additions and 0 deletions.
...tation/jetty/modules/operations-guide/pages/security/configuring-form-size.adoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
// | ||
// ======================================================================== | ||
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others. | ||
// | ||
// This program and the accompanying materials are made available under the | ||
// terms of the Eclipse Public License v. 2.0 which is available at | ||
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0 | ||
// which is available at https://www.apache.org/licenses/LICENSE-2.0. | ||
// | ||
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 | ||
// ======================================================================== | ||
// | ||
|
||
[[limit-form-content]] | ||
= Limiting Form Content | ||
|
||
Form content sent to the server is processed by Jetty into a map of parameters to be used by the web application. | ||
Forms can be a vector for denial-of-service attacks, since significant memory and CPU can be consumed if a malicious client sends very large form content or a large number of form keys. | ||
Thus, Jetty limits the amount of data and keys that can be in a form posted to Jetty. | ||
|
||
The default maximum size Jetty permits is 200000 bytes and 1000 keys. | ||
You can change this default for a particular web application or for all web applications on a particular `Server` instance. | ||
|
||
== Configuring Form Limits for a Web Application | ||
|
||
To configure the form limits for a single web application, the `WebAppContext` instance can be configured from a context XML file or `WEB-INF/jetty-web.xml` file: | ||
|
||
[,xml,subs=attributes+] | ||
---- | ||
<Configure class="org.eclipse.jetty.{ee-current}.webapp.WebAppContext"> | ||
... | ||
<Set name="maxFormContentSize">200000</Set> | ||
<Set name="maxFormKeys">200</Set> | ||
</Configure> | ||
---- | ||
|
||
These settings can also be set via the following `ServletContext` attributes. | ||
|
||
- `org.eclipse.jetty.server.Request.maxFormKeys` | ||
- `org.eclipse.jetty.server.Request.maxFormContentSize` | ||
|
||
== Configuring Default Form Limits for the Server | ||
|
||
The default `maxFormKeys` is 1000 and the default `maxFormContentSize` is 200000. | ||
|
||
However, the following system properties can be set to change the default values of this across every context: | ||
|
||
- `org.eclipse.jetty.server.Request.maxFormKeys` | ||
- `org.eclipse.jetty.server.Request.maxFormContentSize`. | ||
|
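Review bot: The XML example under "Configuring Form Limits for a Web Application" sets `maxFormContentSize` to 200000, which is the stated default, and `maxFormKeys` to 200 with no explanation, so a reader cannot tell which line actually changes behaviour. Consider using values that both differ from the defaults, or add a sentence saying the example keeps the size limit and lowers the key limit. The unit is given once ("200000 bytes") but not in the server section, and the same two names are listed as both `ServletContext` attributes and system properties without saying which takes precedence when both are set; a sentence on precedence would help anyone relying on these limits as a denial-of-service control. The last bullet ends with a period after the closing backtick, unlike the earlier list, and "the default values of this" reads better as "these default values". The commit subject mentions OpenID docs while the only file changed is configuring-form-size.adoc, so it is worth confirming the subject matches the change.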