Hi Perplexity wrote
The maxPostSize attribute only applies to requests where Tomcat parses form data (e.g., application/x-www-form-urlencoded). For raw POST bodies (like application/json), maxPostSize may not be enforced by default in all Tomcat versions. If you need to restrict POST size for JSON or other non-form content, you may need to implement a custom filter in your application that checks the Content-Length header or reads the request body up to a maximum allowed size. 04.07.2025 11:35:05 S Abirami <s.abir...@ericsson.com.INVALID>: > Hi Team, > > We are looking into possibility of restricting the POST request size having > content-type application/json in Tomcat. > We want to ensure that attacker should not hit Rest API request directly with > large request data. Expecting Tomcat application server level configuration > should decline the request. > We tried adding maxPostSize but it doesn't seem to work for content type > application/json > > Tomcat version is 9.0.104 > > Kindly let me know if any tomcat attribute can be used or other ways to > achieve this in Tomcat. > > Thanks in advance, > > Regards, > Viswa
