This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 1b8609d6ee Clarify the docs for maxPostSize
1b8609d6ee is described below
commit 1b8609d6eeb2580e118d7f66b465f5bcd3faf5dd
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Sep 10 12:18:02 2025 +0100
Clarify the docs for maxPostSize
---
webapps/docs/changelog.xml | 4 ++++
webapps/docs/config/ajp.xml | 18 +++++++++++++-----
webapps/docs/config/context.xml | 7 ++++---
webapps/docs/config/http.xml | 18 +++++++++++++-----
webapps/docs/security-howto.xml | 6 +++---
5 files changed, 37 insertions(+), 16 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9b67ad3421..bae8b2fa09 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -276,6 +276,10 @@
<subsection name="Web applications">
<changelog>
<!-- Entries for backport and removal before 12.0.0-M1 below this line
-->
+ <fix>
+ Documentation. Clarify the purpose of the <code>maxPostSize</code>
+ attribute of the <code>Connector</code> element. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index d19c0a32a1..d61fc7ec6e 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -209,11 +209,19 @@
</attribute>
<attribute name="maxPostSize" required="false">
- <p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The limit can be disabled by
- setting this attribute to a value less than zero. Requests that exceed
- this limit will be rejected. If not specified, this attribute is set to
- 2097152 (2 MiB).</p>
+ <p>This is the maximum number of request body bytes that will be
converted
+ into request parameters by Tomcat. This limit only applies in specific
+ circumstances and is <strong>not</strong> a general limit on request body
+ size for POST requests. The limit only applies when Tomcat is processing
+ the request body for parameters as per section 3.1.1
+ (<code>application/x-www-form-urlencoded</code>) or section 3.2
+ (<code>multipart/form-data</code>) of the Servlet specification. In the
+ <code>multipart/form-data</code> case, the limit only applies to the data
+ used to generate the parameters that are made available through the
+ <code>getParameter()</code> family of methods.</p>
+ <p>The limit can be disabled by setting this attribute to a value less
+ than zero. Requests that exceed this limit will be rejected. If not
+ specified, this attribute is set to 2097152 (2 MiB).</p>
</attribute>
<attribute name="maxSavePostSize" required="false">
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index 9ffe78efa9..bf9de1667b 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -668,9 +668,10 @@
client connection. This setting is used in the following situations:
</p>
<ul>
- <li>the size of the request body is larger than the
- <code>maxPostSize</code> configured in the connector</li>
- <li>the size limit of a MultiPart upload is reached</li>
+ <li>Tomcat is automatically processing the request body for parameters
+ and size of the request body data converted to parameters is larger
+ than the <code>maxPostSize</code> configured in the connector</li>
+ <li>a size limit of a MultiPart upload is reached</li>
<li>the servlet sets the response status to 413 (Request Entity Too
Large) </li>
</ul>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index bad983fe07..2e00b138ab 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -205,11 +205,19 @@
</attribute>
<attribute name="maxPostSize" required="false">
- <p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The limit can be disabled by
- setting this attribute to a value less than zero. Requests that exceed
- this limit will be rejected. If not specified, this attribute is set to
- 2097152 (2 MiB).</p>
+ <p>This is the maximum number of request body bytes that will be
converted
+ into request parameters by Tomcat. This limit only applies in specific
+ circumstances and is <strong>not</strong> a general limit on request body
+ size for POST requests. The limit only applies when Tomcat is processing
+ the request body for parameters as per section 3.1.1
+ (<code>application/x-www-form-urlencoded</code>) or section 3.2
+ (<code>multipart/form-data</code>) of the Servlet specification. In the
+ <code>multipart/form-data</code> case, the limit only applies to the data
+ used to generate the parameters that are made available through the
+ <code>getParameter()</code> family of methods.</p>
+ <p>The limit can be disabled by setting this attribute to a value less
+ than zero. Requests that exceed this limit will be rejected. If not
+ specified, this attribute is set to 2097152 (2 MiB).</p>
</attribute>
<attribute name="maxSavePostSize" required="false">
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index d5fbc330cd..f4eb889c96 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -286,9 +286,9 @@
parts are rejected.</p>
<p>The <strong>maxPostSize</strong> attribute controls the maximum size
- of a POST request that will be parsed for parameters. The parameters are
- cached for the duration of the request so this is limited to 2 MiB by
- default to reduce exposure to a DoS attack.</p>
+ of data from a POST request that will be parsed for request parameters.
+ The parameters are cached for the duration of the request so this is
+ limited to 2 MiB by default to reduce exposure to a DoS attack.</p>
<p>The <strong>maxSavePostSize</strong> attribute controls the saving of
the request body during FORM and CLIENT-CERT authentication and HTTP/1.1
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
