Thanks for the response. It now makes sense, but I still don't understand why 
this is being referred to as a "FORM URL" or "the container's FORM URL".

Thanks in advance,
Bytecode

On 02/05/2010, at 8:48 PM, André Warnier wrote:

> Bytecode wrote:
>> According to Tomcat docs, the purpose of maxPostSize is:
>> The maximum size in bytes of the POST which will be handled by the container 
>> FORM URL parameter parsing. The limit can be disabled by setting this 
>> attribute to a value less than or equal to 0. If not specified, this 
>> attribute is set to 2097152 (2 megabytes).
>> Now the question is what's meant by "the container FORM URL parameter 
>> parsing"? What's a FORM URL? What's the container's FORM URL parameter 
>> parsing? Also, what is a possible use case of this parameter?
> As a general explanation : at the base the "maximum post size" setting 
> (available in Tomcat but also in Apache httpd and probably most webservers), 
> is a security measure.
> It is there to avoid the possibility for some miscreant to overwhelm your 
> server by sending it a POST request with a body of, for example, 10 Gigabyte, 
> through a slow connection.
> In the absence of such a limit, this would force the server to dedicate a 
> process to just sit there reading the content of the POST, possibly for 
> hours.  It would also tie up a number of resources at the server side (to 
> store the POST content), and maybe cause difficulties when the POST is 
> finally terminated and the body has to be parsed etc.
> In other words, at best this might cause a denial-of-service, and at worst 
> crash your server with for example an out-of-memory condition.
> The setting is thus available so that you, the application developer, can 
> determine which is the maximum likely valid size of a POST to your server or 
> application, and reject POSTs above this limit.
> The webserver will then still accept POST requests, but as it is reading the 
> POST body, it will count the bytes, and as soon as this limit is reached, it 
> will interrupt this request and reject it with an error.
> 
> As to the "FORM URL parameter parsing" expression : to my knowledge, this 
> does not really correspond to any formal HTTP RFC or Servlet Spec 
> well-defined expression.  It is probably just an expression chosen by the 
> writer of the documentation you refer to, to convey the general idea that the 
> webserver, when it processes a POST request, at some point has to parse the 
> body of the request to extract the various request parameter names and 
> contents.
> And, before it can start doing that, it must have the entire POST body 
> available, which means the entire POST body has been read and saved 
> somewhere.  Which rejoins the explanation above.
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
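
The byte-counting check described in the quoted reply, as an added sketch that is not part of the original thread and is not Tomcat's own code. The names `read_limited_body`, `parse_form` and `PostTooLarge` are hypothetical; the default value and the "less than or equal to 0 disables the limit" rule are taken from the documentation text quoted above.

```python
import io
from urllib.parse import parse_qs

DEFAULT_MAX_POST_SIZE = 2097152  # default from the docs quoted above (2 megabytes)


class PostTooLarge(Exception):
    """The request body exceeded the configured limit (hypothetical name)."""


def read_limited_body(stream, max_post_size=DEFAULT_MAX_POST_SIZE,
                      content_length=None, chunk_size=8192):
    """Read a POST body, counting bytes and stopping once the limit is passed."""
    limit_enabled = max_post_size > 0  # a value <= 0 disables the limit

    # Early rejection: the client already declared a body that is too large.
    if limit_enabled and content_length is not None \
            and content_length > max_post_size:
        raise PostTooLarge(f"declared {content_length} > {max_post_size}")

    received = bytearray()
    while True:
        to_read = chunk_size
        if limit_enabled:
            # Never buffer more than one byte past the limit, even when the
            # declared length is missing or understated.
            to_read = min(chunk_size, max_post_size - len(received) + 1)
        chunk = stream.read(to_read)
        if not chunk:
            break
        received += chunk
        if limit_enabled and len(received) > max_post_size:
            raise PostTooLarge(f"body exceeds {max_post_size} bytes")
    return bytes(received)


def parse_form(stream, **limits):
    """Parse form parameters only after the whole body was read within the limit."""
    body = read_limited_body(stream, **limits)
    return parse_qs(body.decode("ascii"), keep_blank_values=True)


if __name__ == "__main__":
    # Constructed sample body, not taken from the thread.
    sample = io.BytesIO(b"user=alice&comment=hello")
    print(parse_form(sample, max_post_size=64))
```
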

