Restricting large HTTP uploads
I know there has been a similar discussion every once in a while, but I couldn't find any real solution to this issue from reading previous postings.
We are currently looking for a way to limit the amount of data that could be uploaded to our servers. The purpose is to prevent attacks where people would try to upload a large number of very large files to our services and cause out-of-heap-space errors. We want to abort the upload if the uploaded amount of data exceeds a certain amount. We are currently using both SOAP and REST endpoints via JAX-RS and JAX-WS.
I have come across the discussion where it has been recommended to set max-swallowing-input-bytes in the domain.xml, but we found that this didn't have any effect in GlassFish 22.214.171.124.
There is also a config for the http-listener, Max Post Size, but we could still upload data via HTTP POST that exceeded the specified size.
Is there a recommended way to solve such a problem? I can hardly believe that we are the first who are trying to prevent such a possible attack.
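One container-independent way to abort oversized uploads as described in the post above, added here as an example and not part of the original post: a servlet filter that rejects an oversized declared Content-Length and counts bytes as the endpoint reads them. It assumes the Servlet 3.1 API (javax.servlet); the class name MaxUploadFilter, the 10 MiB limit, and the filter mapping (left to web.xml) are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: caps the request body size for every endpoint it is mapped to. */
public class MaxUploadFilter implements Filter {
    private static final long MAX_BYTES = 10L * 1024 * 1024; // assumed limit: 10 MiB
    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Cheap check first: reject bodies that declare an oversized Content-Length.
        if (http.getContentLengthLong() > MAX_BYTES) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        // Chunked bodies declare no length: count bytes as the endpoint reads them.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            private ServletInputStream limited;
            @Override public ServletInputStream getInputStream() throws IOException {
                if (limited == null) limited = new LimitedStream(super.getInputStream());
                return limited;
            }
        }, res);
    }

    /** Delegating stream that fails the read once more than MAX_BYTES have been consumed. */
    private static final class LimitedStream extends ServletInputStream {
        private final ServletInputStream in;
        private long seen; // bytes read so far
        LimitedStream(ServletInputStream in) { this.in = in; }
        private int count(int n) throws IOException {
            if (n > 0 && (seen += n) > MAX_BYTES)
                throw new IOException("request body exceeds " + MAX_BYTES + " bytes");
            return n;
        }
        @Override public int read() throws IOException {
            int b = in.read();
            count(b < 0 ? 0 : 1); // end of stream adds nothing to the total
            return b;
        }
        @Override public int read(byte[] buf, int off, int len) throws IOException {
            return count(in.read(buf, off, len));
        }
        @Override public boolean isFinished() { return in.isFinished(); }
        @Override public boolean isReady() { return in.isReady(); }
        @Override public void setReadListener(ReadListener l) { in.setReadListener(l); }
    }
}
```

Only bodies read through getInputStream() are counted; getReader() and multipart getParts() are not wrapped here and would need the same treatment if the endpoints use them.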