On 25/05/2022 16:21, Amit Pande wrote:
Hello Mark,
Could we slightly update the description - to say that this size is total size
(in bytes)of all the request (and response) headers combined (including the
header name and values)?
In the past, I incorrectly assumed that this size limit applies for one header
value.
maxHttpHeaderSize
The maximum size of the request and response HTTP header, specified in bytes.
If not specified, this attribute is set to 8192 (8 KB).
Done.
Mark
Thanks,
Amit
-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Wednesday, May 25, 2022 6:16 AM
To: users@tomcat.apache.org
Subject: [External] Re: Maximum header size in Tomcat 9
On 25/05/2022 12:08, Aditya Kumar wrote:
Thanks! Sorry I misread that article.
So I suppose it's the same for maxHttpRequestHeaderSize and
maxHttpResponseHeaderSize?
Correct.
Mark
On Wed, May 25, 2022 at 10:45 AM Mark Thomas <ma...@apache.org> wrote:
On 25/05/2022 10:33, Aditya Kumar wrote:
I'm sorry I'm not sure what you mean by Integer.MAX_VALUE?
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdoc
s.oracle.com%2Fjavase%2F8%2Fdocs%2Fapi%2Fjava%2Flang%2FInteger.html%2
3MAX_VALUE&data=05%7C01%7CAmit.Pande%40veritas.com%7Ce18ae152bff0
402dad6908da3e3ff7e3%7Cfc8e13c0422c4c55b3eaca318e6cac32%7C0%7C0%7C637
890741724402644%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV
2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pfV4K
ul5InBqXlyW958TnV57bbZbe6F%2FrurIJqJ70xg%3D&reserved=0
Looking at
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fto
mcat.apache.org%2Ftomcat-9.0-doc%2Fconfig%2Fhttp.html&data=05%7C
01%7CAmit.Pande%40veritas.com%7Ce18ae152bff0402dad6908da3e3ff7e3%7Cf
c8e13c0422c4c55b3eaca318e6cac32%7C0%7C0%7C637890741724402644%7CUnkno
wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw
iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=VXFY%2Bew8f1HxXiUYsyCmgiVD
B%2FqQUJr4rhbB8LbZmkA%3D&reserved=0
all I
see is this:-
"maxHttpHeaderSize
The maximum size of the request and response HTTP header, specified
in bytes. If not specified, this attribute is set to 8192 (8 KB)."
This does not explain possible values. Can you give me an actual
number
for
the maximum?
See above.
The theoretical maximum is so far above any sensible value there is
not much point documenting it.
Also I saw in this article:
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcom
munity.jaspersoft.com%2Fwiki%2Fhow-pass-big-number-values-apache-tomc
at-url-string&data=05%7C01%7CAmit.Pande%40veritas.com%7Ce18ae152b
ff0402dad6908da3e3ff7e3%7Cfc8e13c0422c4c55b3eaca318e6cac32%7C0%7C0%7C
637890741724402644%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIj
oiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=I6
%2FHM6WSIVucDyEU17ENL0NGNbBDqtAEZ2snU6FFUF4%3D&reserved=0
" A value of less than 0 means no limit."
That text is copied directly from the Tomcat documentation and is
part of the description for maxParameterCount, not maxHttpHeaderSize.
What makes you think it might apply to maxHttpHeaderSize?
Mark
On Wed, May 25, 2022 at 10:19 AM Mark Thomas <ma...@apache.org> wrote:
On 25/05/2022 09:51, Aditya Kumar wrote:
Hi
I'm using Tomcat 9.0.46 and I want to know what is the maximum
possible value for maxHttpHeaderSize
Integer.MAX_VALUE
I have Tomcat setup using kerberos authentication and for some
users
the
Authorisation header is too large (too many AD groups).
I have seen various articles when googling but I want something
from official documentation to state what the possible values for
this field are. Is it true that setting a value of "-1" causes a
limitless maximum header size value?
Where did you read that? I don't see that in the documentation.
Mark
-------------------------------------------------------------------
-- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
