allowHostHeaderMismatch option only works if the Host Header has an http or https prefix

2022-05-25 Thread Ralph Atallah
Hi, We use Tomcat 7.0.109 and Tomcat 8.5 in our Tomcat based webapp deployments and we have a new requirement to prevent Host Header injection. The allowHostHeaderMismatch option seems the perfect answer to this issue. However, configuring it in our environment, i.e. in the server.xml

RE: [External] Re: Maximum header size in Tomcat 9

2022-05-25 Thread Amit Pande
Hello Mark, Could we slightly update the description - to say that this size is total size (in bytes) of all the request (and response) headers combined (including the header name and values)? In the past, I incorrectly assumed that this size limit applies for one header value.

RE: Unexpected messages in commons-daemon.log Tomcat 10.0.17

2022-05-25 Thread Orendt, John
Hi, I recently transitioned from Tomcat Version 10.0.14 to 10.0.17 on Windows 10, Server 2016, and Server 2019. Version 10.0.14 was good, Version 10.0.17 also has Unexpected messages in commons-daemon.log. Is there a fix? John Orendt john.p.ore...@medtronic.com -Original Message- From:

Re: Maximum header size in Tomcat 9

2022-05-25 Thread Mark Thomas
On 25/05/2022 12:08, Aditya Kumar wrote: Thanks! Sorry I misread that article. So I suppose it's the same for maxHttpRequestHeaderSize and maxHttpResponseHeaderSize? Correct. Mark On Wed, May 25, 2022 at 10:45 AM Mark Thomas wrote: On 25/05/2022 10:33, Aditya Kumar wrote: I'm sorry

Re: Maximum header size in Tomcat 9

2022-05-25 Thread Aditya Kumar
Thanks! Sorry I misread that article. So I suppose it's the same for maxHttpRequestHeaderSize and maxHttpResponseHeaderSize? On Wed, May 25, 2022 at 10:45 AM Mark Thomas wrote: > On 25/05/2022 10:33, Aditya Kumar wrote: > > I'm sorry I'm not sure what you mean by Integer.MAX_VALUE? > >

Re: Maximum header size in Tomcat 9

2022-05-25 Thread Mark Thomas
On 25/05/2022 10:33, Aditya Kumar wrote: I'm sorry I'm not sure what you mean by Integer.MAX_VALUE? https://docs.oracle.com/javase/8/docs/api/java/lang/Integer.html#MAX_VALUE Looking at https://tomcat.apache.org/tomcat-9.0-doc/config/http.html all I see is this:- "maxHttpHeaderSize The

Re: Maximum header size in Tomcat 9

2022-05-25 Thread Aditya Kumar
I'm sorry I'm not sure what you mean by Integer.MAX_VALUE? Looking at https://tomcat.apache.org/tomcat-9.0-doc/config/http.html all I see is this:- "maxHttpHeaderSize The maximum size of the request and response HTTP header, specified in bytes. If not specified, this attribute is set to 8192 (8

Re: Maximum header size in Tomcat 9

2022-05-25 Thread Mark Thomas
On 25/05/2022 09:51, Aditya Kumar wrote: Hi I'm using Tomcat 9.0.46 and I want to know what is the maximum possible value for maxHttpHeaderSize Integer.MAX_VALUE I have Tomcat setup using kerberos authentication and for some users the Authorisation header is too large (too many AD groups).

Maximum header size in Tomcat 9

2022-05-25 Thread Aditya Kumar
Hi I'm using Tomcat 9.0.46 and I want to know what is the maximum possible value for maxHttpHeaderSize I have Tomcat setup using kerberos authentication and for some users the Authorisation header is too large (too many AD groups). I have seen various articles when googling but I want something

Sv: Unexpected messages in commons-daemon.log

2022-05-25 Thread Pontus Ågren
There is monitoring of the service so that seems to be the cause. I agree that logging it at TRACE level is a better idea. On INFO level it just adds noise. Pontus