java 在 JBoss 上限制 HTTP post 请求的大小
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2418130/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Limiting the size of a HTTP post request on JBoss
提问by Aveen
I am using Jboss 4.2.3 as an appserver. Is there a way to limit the size of the HTTP Post request accepted by JBoss? I want to limit the size to avoid DOS attacks.
我使用 Jboss 4.2.3 作为应用程序服务器。有没有办法限制 JBoss 接受的 HTTP Post 请求的大小?我想限制大小以避免 DOS 攻击。
I already sat maxHttpHeaderSize and maxPostSize in the server.xml, but neither of them seem to make any difference.
我已经在 server.xml 中设置了 maxHttpHeaderSize 和 maxPostSize,但它们似乎都没有任何区别。
回答by skaffman
maxPostSizedefines how big a POST can get before Tomcat will "automatically" parse it, whatever that means.
maxPostSize定义在 Tomcat 将“自动”解析它之前 POST 可以得到多大,无论这意味着什么。
If you're doing this for security reasons, you need to think twice about how you do it. A DOS attack isn't going to conveniently announce its size as an HTTP request header, it's just going to send data until your server falls over.
如果您出于安全原因这样做,则需要三思而后行。DOS 攻击不会方便地将其大小声明为 HTTP 请求标头,它只会发送数据,直到您的服务器发生故障。
You couldcheck the Content-Lengthheader of the request, and reject it immediately if it's not present, or too big, but you run the risk of rejecting genuine clients that don't supply the header, which many won't.
您可以检查Content-Length请求的标头,如果它不存在或太大,则立即拒绝它,但是您冒着拒绝不提供标头的真正客户端的风险,而许多人不会提供该标头。
Otherwise, you're just going to have to read the request data until it crosses a threshold, and thenreject it.
否则,您只需要读取请求数据,直到它超过阈值,然后拒绝它。
Either way, the container can't help you much.
无论哪种方式,容器都帮不了你多少。
回答by Hoang
For Jboss you should configure in configuration file (eg: standalone-full.xml) like this: with max-post-size="26214400"means 25MB
对于 Jboss,您应该在配置文件(例如:standalone-full.xml)中配置如下:max-post-size="26214400"表示 25MB
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" max-post-size="26214400" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
回答by stacker
Tomcat accepts the HTTP request in $JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xmlyou can configure maxHttpHeaderSizeas an attribute of the ConnectorTag.
Tomcat 接受 HTTP 请求,$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml您可以将其配置maxHttpHeaderSize为ConnectorTag 的一个属性。
To have control regarding content you would implement a Valveor Filter
