Hi, I'd like to configure my dropwizard setup to limit the maximum size of requests the server receives. Want to do this as a high-level DoS prevention method. Ideally, we're able to fail very fast if a very large request was sent to minimize the impact on the server.
After much reading, the only thing I can find is the inputBufferSize here (http://www.dropwizard.io/1.0.5/docs/manual/configuration.html#http). However, specifying a value here doesn't seem to reject my very large requests that I sent from a test. The configuration looks something like this: server: applicationConnectors: - type: http port: 9100 inputBufferSize: 2KiB - type: https port: 9543 keyStorePath: foo.keystore keyStorePassword: bar validateCerts: false validatePeers: false Any ideas about if I'm on the right path? When I look at io.dropwizard.jetty.HttpConnectorFactory, I see that a value of 2kb gets set. However, I don't see any java references to io.dropwizard.jetty.HttpConnectorFactory#getInputBufferSize which makes me wonder if this value is ignored. Thank you! -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
