-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
André,
On 5/2/2010 6:48 AM, André Warnier wrote:
> It is there to avoid the possibility for some miscreant to overwhelm
> your server by sending it a POST request with a body of, for example, 10
> Gigabyte, through a slow connection.
> In the absence of such a limit, this would force the server to dedicate
> a process to just sit there reading the content of the POST, possibly
> for hours.
It's interesting that you mention this specific case, because I believe
Tomcat's behavior, even in cases where the Content-Length and/or actual
request body length exceed the "maxPostSize" setting, is to read every
byte sent by the client (and discard them). That could still tie-up the
server for hours.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkve16oACgkQ9CaO5/Lv0PDGyQCffE+vIqfTGHIi0VAMsmzbb3nf
aDEAniVtfCSx+LFKNusXBJJzBCKrNvqw
=ML/2
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|