This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new bf07c3a7e3 Clarify the docs for maxPostSize
bf07c3a7e3 is described below
commit bf07c3a7e3b65ae920a21795997fae573f2ed438
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Sep 10 12:18:02 2025 +0100
Clarify the docs for maxPostSize
---
webapps/docs/changelog.xml | 8 ++++++++
webapps/docs/config/ajp.xml | 18 +++++++++++++-----
webapps/docs/config/context.xml | 7 ++++---
webapps/docs/config/http.xml | 18 +++++++++++++-----
webapps/docs/security-howto.xml | 6 +++---
5 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1c3e690e13..e845af503c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -125,6 +125,14 @@
</update>
</changelog>
</subsection>
+ <subsection name="Web applications">
+ <changelog>
+ <fix>
+ Documentation. Clarify the purpose of the <code>maxPostSize</code>
+ attribute of the <code>Connector</code> element. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 11.0.11 (markt)" rtext="2025-09-05">
<subsection name="Catalina">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index 8a9d20495f..02028dee8b 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -209,11 +209,19 @@
</attribute>
<attribute name="maxPostSize" required="false">
- <p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The limit can be disabled by
- setting this attribute to a value less than zero. Requests that exceed
- this limit will be rejected. If not specified, this attribute is set to
- 2097152 (2 MiB).</p>
+ <p>This is the maximum number of request body bytes that will be
converted
+ into request parameters by Tomcat. This limit only applies in specific
+ circumstances and is <strong>not</strong> a general limit on request body
+ size for POST requests. The limit only applies when Tomcat is processing
+ the request body for parameters as per section 3.1.1
+ (<code>application/x-www-form-urlencoded</code>) or section 3.2
+ (<code>multipart/form-data</code>) of the Servlet specification. In the
+ <code>multipart/form-data</code> case, the limit only applies to the data
+ used to generate the parameters that are made available through the
+ <code>getParameter()</code> family of methods.</p>
+ <p>The limit can be disabled by setting this attribute to a value less
+ than zero. Requests that exceed this limit will be rejected. If not
+ specified, this attribute is set to 2097152 (2 MiB).</p>
</attribute>
<attribute name="maxSavePostSize" required="false">
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index ec5144e8b6..fda420277a 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -670,9 +670,10 @@
client connection. This setting is used in the following situations:
</p>
<ul>
- <li>the size of the request body is larger than the
- <code>maxPostSize</code> configured in the connector</li>
- <li>the size limit of a MultiPart upload is reached</li>
+ <li>Tomcat is automatically processing the request body for parameters
+ and size of the request body data converted to parameters is larger
+ than the <code>maxPostSize</code> configured in the connector</li>
+ <li>a size limit of a MultiPart upload is reached</li>
<li>the servlet sets the response status to 413 (Request Entity Too
Large) </li>
</ul>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index a3580ab594..5ec8936ed6 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -205,11 +205,19 @@
</attribute>
<attribute name="maxPostSize" required="false">
- <p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The limit can be disabled by
- setting this attribute to a value less than zero. Requests that exceed
- this limit will be rejected. If not specified, this attribute is set to
- 2097152 (2 MiB).</p>
+ <p>This is the maximum number of request body bytes that will be
converted
+ into request parameters by Tomcat. This limit only applies in specific
+ circumstances and is <strong>not</strong> a general limit on request body
+ size for POST requests. The limit only applies when Tomcat is processing
+ the request body for parameters as per section 3.1.1
+ (<code>application/x-www-form-urlencoded</code>) or section 3.2
+ (<code>multipart/form-data</code>) of the Servlet specification. In the
+ <code>multipart/form-data</code> case, the limit only applies to the data
+ used to generate the parameters that are made available through the
+ <code>getParameter()</code> family of methods.</p>
+ <p>The limit can be disabled by setting this attribute to a value less
+ than zero. Requests that exceed this limit will be rejected. If not
+ specified, this attribute is set to 2097152 (2 MiB).</p>
</attribute>
<attribute name="maxSavePostSize" required="false">
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index d5fbc330cd..f4eb889c96 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -286,9 +286,9 @@
parts are rejected.</p>
<p>The <strong>maxPostSize</strong> attribute controls the maximum size
- of a POST request that will be parsed for parameters. The parameters are
- cached for the duration of the request so this is limited to 2 MiB by
- default to reduce exposure to a DoS attack.</p>
+ of data from a POST request that will be parsed for request parameters.
+ The parameters are cached for the duration of the request so this is
+ limited to 2 MiB by default to reduce exposure to a DoS attack.</p>
<p>The <strong>maxSavePostSize</strong> attribute controls the saving of
the request body during FORM and CLIENT-CERT authentication and HTTP/1.1
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
