(tomcat) branch 10.1.x updated: Clarify the docs for maxPostSize

Wed, 10 Sep 2025 04:24:36 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 1176b8633e Clarify the docs for maxPostSize
1176b8633e is described below

commit 1176b8633e3636bd8169041da274f5ca58c08d48
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Sep 10 12:18:02 2025 +0100

    Clarify the docs for maxPostSize
---
 webapps/docs/changelog.xml      |  8 ++++++++
 webapps/docs/config/ajp.xml     | 17 +++++++++++++----
 webapps/docs/config/context.xml |  7 ++++---
 webapps/docs/config/http.xml    | 17 +++++++++++++----
 webapps/docs/security-howto.xml |  6 +++---
 5 files changed, 41 insertions(+), 14 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 971406b116..0483c4dad9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,6 +131,14 @@
       </update>
     </changelog>
   </subsection>
+  <subsection name="Web applications">
+    <changelog>
+      <fix>
+        Documentation. Clarify the purpose of the <code>maxPostSize</code>
+        attribute of the <code>Connector</code> element. (markt)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 10.1.45 (schultz)" rtext="2025-09-08">
   <subsection name="Catalina">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index 8c8a1f58bf..a36c92d26c 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -215,10 +215,19 @@
     </attribute>
 
     <attribute name="maxPostSize" required="false">
-      <p>The maximum size in bytes of the POST which will be handled by
-      the container FORM URL parameter parsing. The limit can be disabled by
-      setting this attribute to a value less than zero. If not specified, this
-      attribute is set to 2097152 (2 MiB). Note that the
+      <p>This is the maximum number of request body bytes that will be 
converted
+      into request parameters by Tomcat. This limit only applies in specific
+      circumstances and is <strong>not</strong> a general limit on request body
+      size for POST requests. The limit only applies when Tomcat is processing
+      the request body for parameters as per section 3.1.1
+      (<code>application/x-www-form-urlencoded</code>) or section 3.2
+      (<code>multipart/form-data</code>) of the Servlet specification. In the
+      <code>multipart/form-data</code> case, the limit only applies to the data
+      used to generate the parameters that are made available through the
+      <code>getParameter()</code> family of methods.</p>
+      <p>The limit can be disabled by setting this attribute to a value less
+      than zero. If not specified, this attribute is set to 2097152 (2 MiB).
+      Note that the
       <a 
href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a>
       can be used to reject requests that exceed this limit.</p>
     </attribute>
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index 767d7097fc..e805974912 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -663,9 +663,10 @@
         client connection. This setting is used in the following situations:
         </p>
         <ul>
-        <li>the size of the request body is larger than the
-            <code>maxPostSize</code> configured in the connector</li>
-        <li>the size limit of a MultiPart upload is reached</li>
+        <li>Tomcat is automatically processing the request body for parameters
+            and size of the request body data converted to parameters is larger
+            than the <code>maxPostSize</code> configured in the connector</li>
+        <li>a size limit of a MultiPart upload is reached</li>
         <li>the servlet sets the response status to 413 (Request Entity Too
             Large) </li>
         </ul>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 8d2e6a7395..2b16a505e1 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -211,10 +211,19 @@
     </attribute>
 
     <attribute name="maxPostSize" required="false">
-      <p>The maximum size in bytes of the POST which will be handled by
-      the container FORM URL parameter parsing. The limit can be disabled by
-      setting this attribute to a value less than zero. If not specified, this
-      attribute is set to 2097152 (2 MiB). Note that the
+      <p>This is the maximum number of request body bytes that will be 
converted
+      into request parameters by Tomcat. This limit only applies in specific
+      circumstances and is <strong>not</strong> a general limit on request body
+      size for POST requests. The limit only applies when Tomcat is processing
+      the request body for parameters as per section 3.1.1
+      (<code>application/x-www-form-urlencoded</code>) or section 3.2
+      (<code>multipart/form-data</code>) of the Servlet specification. In the
+      <code>multipart/form-data</code> case, the limit only applies to the data
+      used to generate the parameters that are made available through the
+      <code>getParameter()</code> family of methods.</p>
+      <p>The limit can be disabled by setting this attribute to a value less
+      than zero. If not specified, this attribute is set to 2097152 (2 MiB).
+      Note that the
       <a 
href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a>
       can be used to reject requests that exceed this limit.</p>
     </attribute>
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 9d58ba89e5..ef5d9cd589 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -322,9 +322,9 @@
       <a href="config/filter.html">FailedRequestFilter</a>.</p>
 
       <p>The <strong>maxPostSize</strong> attribute controls the maximum size
-      of a POST request that will be parsed for parameters. The parameters are
-      cached for the duration of the request so this is limited to 2 MiB by
-      default to reduce exposure to a DoS attack.</p>
+      of data from a POST request that will be parsed for request parameters.
+      The parameters are cached for the duration of the request so this is
+      limited to 2 MiB by default to reduce exposure to a DoS attack.</p>
 
       <p>The <strong>maxSavePostSize</strong> attribute controls the saving of
       the request body during FORM and CLIENT-CERT authentication and HTTP/1.1


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to