On 08/01/2014 21:47, Dames, Kristopher J wrote: > My webapp needs to pass several thousand parameters in an HTTP POST > request. I am required to use RHEL's tomcat packages (currently on > 6.0.24). I figured out Red Hat has capped the maximum HTTP parameters > at 512 and to get around it, I have to add the Java parameter > "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=5000" to the JVM. > I know this isn't strictly a Tomcat issue since the problem is Red > Hat's doing, but is anyone aware if it is possible to set this value > to "unlimited"? I tried setting it to 0 and -1 but they were treated > as literal values.
Sorry, you'll have to take that up with RedHat. They opted to apply their own solution rather than back-port the official fix. The official fix (the maxParameterCount attribute of the connector) has a default of 10000 and any value less than 0 is treated as unlimited. There are two security issues here: 1) The Java hash collision issue (CVE-2011-4858) 2) Tomcat parameter processing inefficiencies (CVE-2012-0022) CVE-2012-0022 may mean that processing thousands of parameters is really slow. You may see significant performance improvements if you switch to even the latest 6.0.x Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
