Re: [jetty-users] Limit Request Size

Hi,

On Fri, Jul 17, 2015 at 5:11 PM, Thomas <jetty@xxxxxxxxx> wrote:
> Hi,
>
> I am looking for a way to define a hard limit for the maximum request size a
> client is able to send.
> To be more specific, mainly the request body is my concern. The limit
> "maxFormContentSize" only works
> for form data. But not for text/xml body and maybe even only if there is a
> content-length header.
> But for security reasons I would like to limit raw uploads also. That means
> 1) If Content-Length is larger than the limit, close the connection the hard way.
> 2) If there is no content-length and more than limit bytes are read from the input
> stream/reader,
>   also disconnect the connection.
> Since this is for security, I think it should be a server parameter.

Generally you can implement this with a ServletFilter if you are using
blocking APIs such as ServletInputStream.
For asynchronous APIs a ServletFilter won't work.
The filter could check Content-Length and if absent, wrap the
InputStream and control how much it reads.

Alternatively, you can file an issue at
https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty, but no
promises on when it'll be implemented.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
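
A sketch of the filter approach described in the reply above, added here as an example; it is not code from the original message or from the Jetty project. The class name MaxBodySizeFilter, the nested Limited stream and the 1 MiB limit are assumptions, it targets the javax.servlet 3.1 API, and it answers an oversized Content-Length with 413 rather than dropping the connection.

```java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (not Jetty code): caps the request body for blocking reads only.
public class MaxBodySizeFilter implements Filter {
    private static final long MAX_BYTES = 1024 * 1024; // assumed limit: 1 MiB

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // Case 1: declared Content-Length already exceeds the limit, reject before reading.
        if (req.getContentLengthLong() > MAX_BYTES) {
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        // Case 2: no usable Content-Length (e.g. chunked), so count the bytes actually read.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            private ServletInputStream in;
            @Override public ServletInputStream getInputStream() throws IOException {
                if (in == null) in = new Limited(super.getInputStream());
                return in;
            }
            @Override public BufferedReader getReader() throws IOException {
                String enc = getCharacterEncoding() != null ? getCharacterEncoding() : "ISO-8859-1";
                return new BufferedReader(new InputStreamReader(getInputStream(), enc));
            }
        }, rs);
    }

    static final class Limited extends ServletInputStream {
        private final ServletInputStream in;
        private long count;
        Limited(ServletInputStream in) { this.in = in; }
        private int counted(int n) throws IOException {
            if (n > 0 && (count += n) > MAX_BYTES) throw new IOException("request body exceeds " + MAX_BYTES + " bytes");
            return n;
        }
        @Override public int read() throws IOException { int b = in.read(); counted(b < 0 ? 0 : 1); return b; }
        @Override public int read(byte[] b, int off, int len) throws IOException { return counted(in.read(b, off, len)); }
        @Override public boolean isFinished() { return in.isFinished(); }
        @Override public boolean isReady() { return in.isReady(); }
        @Override public void setReadListener(ReadListener l) { throw new IllegalStateException("async reads not supported by this filter"); }
    }
}
```

The wrapper overrides getReader() as well as getInputStream(), because the default wrapper would otherwise hand text/xml readers the unwrapped request and bypass the count.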


Back to the top