-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 5/2/2010 6:48 AM, André Warnier wrote: > It is there to avoid the possibility for some miscreant to overwhelm > your server by sending it a POST request with a body of, for example, 10 > Gigabyte, through a slow connection. > In the absence of such a limit, this would force the server to dedicate > a process to just sit there reading the content of the POST, possibly > for hours. It's interesting that you mention this specific case, because I believe Tomcat's behavior, even in cases where the Content-Length and/or actual request body length exceed the "maxPostSize" setting, is to read every byte sent by the client (and discard them). That could still tie-up the server for hours. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkve16oACgkQ9CaO5/Lv0PDGyQCffE+vIqfTGHIi0VAMsmzbb3nf aDEAniVtfCSx+LFKNusXBJJzBCKrNvqw =ML/2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
