tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haenni, Tia" <thae...@burnsmcd.com>
Subject maxParameterCount with Tomcat 5.5.23
Date Fri, 11 May 2012 20:03:29 GMT
A recent RHEL patch supplied the following Tomcat packages which attempt to address a possible
DoS attack as outlines at the link below:

tomcat5-jasper-5.5.23-0jpp.31.el5_8
tomcat5-server-lib-5.5.23-0jpp.31.el5_8
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8
tomcat5-common-lib-5.5.23-0jpp.31.el5_8
tomcat5-webapps-5.5.23-0jpp.31.el5_8
tomcat5-5.5.23-0jpp.31.el5_8

http://rhn.redhat.com/errata/RHSA-2012-0474.html

Since then I've encountered a problem with exceeding the maxParameterCount which seems to
default at 512:

May 4, 2012 2:30:27 PM org.apache.catalina.connector.Request parseParameters
WARNING: Exception thrown whilst processing POSTed parameters
java.lang.IllegalStateException: Parameter count exceeded allowed maximum: 512
                at org.apache.tomcat.util.http.Parameters.addParam(Parameters.java:331)
                at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:407)
                at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:358)
                at org.apache.catalina.connector.Request.parseParameters(Request.java:2400)
                at org.apache.catalina.connector.Request.getParameterValues(Request.java:1063)
                at org.apache.catalina.connector.RequestFacade.getParameterValues(RequestFacade.java:394).........

I do not need it to be the old default of 10000 and I don't think I want to set it to unlimited
(-1) but I do need more than 512 for the application I am supporting.

Does anyone know how to tweak the maxParameterCount in a standalone Tomcat listening on 8080,
requests are sent via Apache listening on 80?

This is not Tomcat as supplied with JBoss, so a fix such as that detailed at the link below
I do not think will work:

http://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.3_Release_Notes/ar01s05.html

Thanks in advance!




Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message