[JBoss JIRA] (WFLY-9675) cannot disable 'max-post-size' check for undertow listeners

Monday, 15 January 2018



     [
https://issues.jboss.org/browse/WFLY-9675?page=com.atlassian.jira.plugin....
]

Chao Wang moved JBEAP-14096 to WFLY-9675:
-----------------------------------------

              Project: WildFly  (was: JBoss Enterprise Application Platform)
                  Key: WFLY-9675  (was: JBEAP-14096)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: Web (Undertow)
                           (was: Web (Undertow))
    Affects Version/s: 11.0.0.Final
                           (was: 7.1.0.GA)


...
 cannot disable 'max-post-size' check for undertow listeners
 -----------------------------------------------------------

                 Key: WFLY-9675
                 URL: https://issues.jboss.org/browse/WFLY-9675
             Project: WildFly
          Issue Type: Bug
          Components: Web (Undertow)
    Affects Versions: 11.0.0.Final
            Reporter: Chao Wang
            Assignee: Chao Wang
            Priority: Minor

 With EAP7.1.0.GA, there has been added a validator for 'max-post-size' attribute
for listeners in undertow subsystem. This validator requires positive integer values
starting with value 1. That means, you cannot disable 'max-post-size' for such
listener using 0 value anymore.
 In EAP6.4 and EAP7.0, it was possible to disable 'max-post-size' check with 0
value. I understand that we might not want to allow user to set this to 0 value as it
might be a potentional security risk. Still, maybe we should relax this restriction as it
was possible to configure it that way in previous versions of EAP.
 Also there is a [Knowledge Base article|https://access.redhat.com/solutions/714173]
regarding to this feature, which we should update in case we won't reconsider our
position.
 Just for the record - quoting question from mailing list:
 {quote}
 Dear Experts,
 Based on KCS, the "max-post-size" in "http-listener" from
"undertow" subsystem can be disabled by setting "0" to it, it worked
for EAP 6.x and 7.0 GA.
 But in EAP 7.1.0 GA, it didn't work:
 ~~~
 [standalone@localhost:9990 /]
/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=max-post-size,value=0)
 {
     "outcome" => "failed",
     "failure-description" => "WFLYCTL0117: 0 is an invalid value for
parameter max-post-size. A minimum value of 1 is required",
     "rolled-back" => true
 }
 ~~~
 By comparing schemas:
 ~~~
 jboss-eap-7.0/docs/schema/wildfly-undertow_x_x.xsd:
 <xs:attribute name="max-post-size" type="xs:long"
default="0"/>
 ---
 jboss-eap-7.1/docs/schema/wildfly-undertow_x_x.xsd:
 <xs:attribute name="max-post-size" type="xs:long"
default="10485760"/>
 ~~~
 The behaviour changed.
 And I found WFLY-6437 and JBEAP-3974, but failed to open links inside those.
 So can I ask if "max-post-size" can be disabled in EAP 7.1.0 GA and the reason
if possible?
 Best Regards,
 Zhang Xu
 {quote} 


--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006