Skip to main content

Restricting large http uploads

1 reply [Last post]
st.h
Offline
Joined: 2012-01-26
Points: 0

I know there has been a similar discussion every once in a while, but I couldn't find any real solution to this issue from reading previous postings.
We are currently looking for a way to limit the amount of data, that could be uploaded to our servers. The purpose is to prevent attacks where people would try to upload a big amount of very large files to our services and cause out of heap space errors. We want to abort the upload if the uploaded amount of data exceeds a certain amount. We are currently using both soap and rest endpoints via jax-rs and jax-ws.

I have come across the discussion where it has been recommended to set max-swallowing-input-bytes in the domain.xml, but we found that this didn't have any effect in glassfish 3.1.2.2.

There is also a config for the http-listener: Max Post Size, but we could still upload data via http post, that exceeded the specified size.

Any recommended way, how to solve such a problem? I hardly can believe that we are the first, who are trying to prevent such a possible attack.

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
amsash
Offline
Joined: 2013-04-16
Points: 0

Pls clarify below doubts on http-listener: Max Post Size,

Is the size associated with deployed application, users will be able to upload only the size specified in the Max Post Size. or is it related to GF application server.