Hi

Perplexity  wrote

The maxPostSize attribute only applies to requests where Tomcat parses form 
data (e.g., application/x-www-form-urlencoded).

For raw POST bodies (like application/json), maxPostSize may not be enforced by 
default in all Tomcat versions.

If you need to restrict POST size for JSON or other non-form content, you may 
need to implement a custom filter in your application that checks the 
Content-Length header or reads the request body up to a maximum allowed size.

04.07.2025 11:35:05 S Abirami <s.abir...@ericsson.com.INVALID>:

> Hi Team,
> 
> We are looking into possibility of restricting the POST request size having 
> content-type application/json in Tomcat.
> We want to ensure that attacker should not hit Rest API request directly with 
> large request data.  Expecting  Tomcat application server level configuration 
> should decline the request.
> We tried adding maxPostSize but it doesn't seem to work for content type 
> application/json
> 
> Tomcat version is 9.0.104
> 
> Kindly let me know if any tomcat attribute can be used or other ways to 
> achieve this in Tomcat.
> 
> Thanks in advance,
> 
> Regards,
> Viswa

Reply via email to