[jira] [Work logged] (KNOX-2737) Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty server

Fri, 22 Apr 2022 06:58:13 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2737?focusedWorklogId=760844&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-760844
 ]

ASF GitHub Bot logged work on KNOX-2737:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 22/Apr/22 13:57
            Start Date: 22/Apr/22 13:57
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request, #563:
URL: https://github.com/apache/knox/pull/563

   ## What changes were proposed in this pull request?
   
   Knox's embedded Jetty's maxFormContentSize and maxFormKeys configurations 
are now configurable in `gateway-site.xml`
   
   ## How was this patch tested?
   
   Ran JUnit tests:
   ```
   $  mvn clean -Dshellcheck=true verify -Prelease,package -am -pl 
gateway-server
   ...
   [INFO] 
------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] 
------------------------------------------------------------------------
   [INFO] Total time:  05:59 min
   [INFO] Finished at: 2022-04-22T15:54:23+02:00
   [INFO] 
------------------------------------------------------------------------
   ```
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 760844)
    Remaining Estimate: 0h
            Time Spent: 10m

> Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty 
> server
> ------------------------------------------------------------------------------------
>
>                 Key: KNOX-2737
>                 URL: https://issues.apache.org/jira/browse/KNOX-2737
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There are certain deployments, where increasing the {{maxFormContentSize}} 
> configuration is required because the default 200kB is not enough in POST 
> forms.
> Jetty checks these configurations on two levels: first in the context, and 
> then, if the context is not available (it's a very rare non-typical Jetty 
> deployment), looks it up in the server's attributes:
> {noformat}
> The form content that a request can process is limited to protect from Denial 
> of Service attacks. The size in bytes is limited by {@link 
> ContextHandler#getMaxFormContentSize()} or if there is no context then the 
> "org.eclipse.jetty.server.Request.maxFormContentSize" {@link Server} 
> attribute.
> The number of parameters keys is limited by {@link 
> ContextHandler#getMaxFormKeys()} or if there is no context then the 
> "org.eclipse.jetty.server.Request.maxFormKeys" {@link Server} 
> attribute.{noformat}
> Please note that these configurations are controlled by the System properties 
> called {{org.eclipse.jetty.server.Request.maxFormKeys}} and 
> {{{}org.eclipse.jetty.server.Request.maxFormContentSize{}}}.
> This Jira is about to override them in {{{}gateway-site.xml{}}}.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to