This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 7580f58d99 Clarify the docs for maxPostSize
7580f58d99 is described below
commit 7580f58d9938c3249264dcb533aeeb719bc7971e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Sep 10 12:18:02 2025 +0100
Clarify the docs for maxPostSize
---
webapps/docs/changelog.xml | 8 ++++++++
webapps/docs/config/ajp.xml | 17 +++++++++++++----
webapps/docs/config/context.xml | 7 ++++---
webapps/docs/config/http.xml | 17 +++++++++++++----
webapps/docs/security-howto.xml | 6 +++---
5 files changed, 41 insertions(+), 14 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 33176a8af0..38736cde37 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -129,6 +129,14 @@
</update>
</changelog>
</subsection>
+ <subsection name="Web applications">
+ <changelog>
+ <fix>
+ Documentation. Clarify the purpose of the <code>maxPostSize</code>
+ attribute of the <code>Connector</code> element. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 9.0.109 (remm)" rtext="release in progress">
<subsection name="Catalina">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index 8686dd2a68..84a73dadce 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -204,10 +204,19 @@
</attribute>
<attribute name="maxPostSize" required="false">
- <p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The limit can be disabled by
- setting this attribute to a value less than zero. If not specified, this
- attribute is set to 2097152 (2 MiB). Note that the
+ <p>This is the maximum number of request body bytes that will be
converted
+ into request parameters by Tomcat. This limit only applies in specific
+ circumstances and is <strong>not</strong> a general limit on request body
+ size for POST requests. The limit only applies when Tomcat is processing
+ the request body for parameters as per section 3.1.1
+ (<code>application/x-www-form-urlencoded</code>) or section 3.2
+ (<code>multipart/form-data</code>) of the Servlet specification. In the
+ <code>multipart/form-data</code> case, the limit only applies to the data
+ used to generate the parameters that are made available through the
+ <code>getParameter()</code> family of methods.</p>
+ <p>The limit can be disabled by setting this attribute to a value less
+ than zero. If not specified, this attribute is set to 2097152 (2 MiB).
+ Note that the
<a
href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a>
can be used to reject requests that exceed this limit.</p>
</attribute>
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index 70709db019..0503b552e5 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -626,9 +626,10 @@
client connection. This setting is used in the following situations:
</p>
<ul>
- <li>the size of the request body is larger than the
- <code>maxPostSize</code> configured in the connector</li>
- <li>the size limit of a MultiPart upload is reached</li>
+ <li>Tomcat is automatically processing the request body for parameters
+ and size of the request body data converted to parameters is larger
+ than the <code>maxPostSize</code> configured in the connector</li>
+ <li>a size limit of a MultiPart upload is reached</li>
<li>the servlet sets the response status to 413 (Request Entity Too
Large) </li>
</ul>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 5b1246046c..35019594b7 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -202,10 +202,19 @@
</attribute>
<attribute name="maxPostSize" required="false">
- <p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The limit can be disabled by
- setting this attribute to a value less than zero. If not specified, this
- attribute is set to 2097152 (2 MiB). Note that the
+ <p>This is the maximum number of request body bytes that will be
converted
+ into request parameters by Tomcat. This limit only applies in specific
+ circumstances and is <strong>not</strong> a general limit on request body
+ size for POST requests. The limit only applies when Tomcat is processing
+ the request body for parameters as per section 3.1.1
+ (<code>application/x-www-form-urlencoded</code>) or section 3.2
+ (<code>multipart/form-data</code>) of the Servlet specification. In the
+ <code>multipart/form-data</code> case, the limit only applies to the data
+ used to generate the parameters that are made available through the
+ <code>getParameter()</code> family of methods.</p>
+ <p>The limit can be disabled by setting this attribute to a value less
+ than zero. If not specified, this attribute is set to 2097152 (2 MiB).
+ Note that the
<a
href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a>
can be used to reject requests that exceed this limit.</p>
</attribute>
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 4cd7375228..7ea2f4bf9c 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -310,9 +310,9 @@
<a href="config/filter.html">FailedRequestFilter</a>.</p>
<p>The <strong>maxPostSize</strong> attribute controls the maximum size
- of a POST request that will be parsed for parameters. The parameters are
- cached for the duration of the request so this is limited to 2 MiB by
- default to reduce exposure to a DoS attack.</p>
+ of data from a POST request that will be parsed for request parameters.
+ The parameters are cached for the duration of the request so this is
+ limited to 2 MiB by default to reduce exposure to a DoS attack.</p>
<p>The <strong>maxSavePostSize</strong> attribute controls the saving of
the request body during FORM and CLIENT-CERT authentication and HTTP/1.1
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
