Tomcat's default value for maxPostSize is 2097152, so that's "normal." ( https://tomcat.apache.org/tomcat-8.5-doc/config/http.html)
Tomcat's default value for maxHttpHeaderSize is 8192 (see same link, above), but the CAS documentation for configuring the server as a SAML2 IdP recommends setting it to 2097152 as well, so that's probably why it is that way. ( https://apereo.github.io/cas/development/installation/Configuring-SAML2-Authentication.html#server-configuration ) I would guess that if you're not using the SAML2 IdP functionality, you could put maxHttpHeaderSize back down to 8192 or whatever, but as they say, YMMV. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu [image: The New School] On Tue, Oct 31, 2017 at 6:09 PM, Duane Booher <dd...@nau.edu> wrote: > Hi, we were noticing > > server.tomcat.maxHttpHeaderSize=20971520 in > https://apereo.github.io/cas/5.0.x/installation/ > Configuration-Properties.html#embedded-tomcat > > and server.tomcat.maxHttpPostSize=20971520 in > https://apereo.github.io/cas/5.1.x/installation/ > Configuration-Properties.html#embedded-tomcat-container > > The seems a bit excessive. How large are people configuring the tomcat > server.xml maxHttpHeaderSize? > > Thanks, > Duane > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/367058ff-b38a-43ac-af96- > d712c91b1e99%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/367058ff-b38a-43ac-af96-d712c91b1e99%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAP9EhPwJWwa%2Bf83ki1phuCi-OwhFoi1Daikpjs3LTrCAQ%40mail.gmail.com.