PQ59426: WAS PLUGIN DOES NOT HAVE CAPABILITY TO LIMIT THE REQUEST BODY
APAR status
Closed as program error.

Error description
IHS/Apache have the LimitRequestBody directive, which returns a 413 error (Request Entity Too Large) when the request body is larger than LimitRequestBody. It is a very popular way to protect against "Denial of Service" attacks. However, this directive does not affect the WAS plugin module. The WAS plugin module should have the same functionality itself.

Local fix

Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server 4.0 users of    *
*                 the webserver plugins.                       *
****************************************************************
* PROBLEM DESCRIPTION: The plugin did not restrict the size    *
*                      of the POST data that it would attempt  *
*                      to read from the client.                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The plugin needed to protect itself from clients attempting to send very large POST content. Most of the webservers allow the user to set this at the webserver level, but this just allows for an extra layer of protection.

Problem conclusion
Allow the user to configure an upper limit on the size of POST content that can be sent from the client. The default is now 10 megabytes of POST content. The limit can be configured at the server group level in the plugin-cfg.xml with the attribute PostSizeLimit. The value specified is in bytes.

Temporary fix

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
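
An added example (not part of the APAR or IBM's code): a small audit over a plugin-cfg.xml that reports server groups with no PostSizeLimit, a value that is not a positive byte count, or a value above a site policy ceiling. The `ServerGroup` element name, the constructed sample file and the `ceiling_bytes` parameter are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the ServerGroup element name and layout are assumptions.
SAMPLE_CFG = """<Config>
  <ServerGroup Name="orders" PostSizeLimit="2097152"/>
  <ServerGroup Name="uploads" PostSizeLimit="536870912"/>
  <ServerGroup Name="legacy"/>
  <ServerGroup Name="typo" PostSizeLimit="10MB"/>
</Config>"""


def audit_post_size_limit(cfg_xml, ceiling_bytes):
    """Return {group name: finding} for every ServerGroup in cfg_xml.

    ceiling_bytes is the site's own policy ceiling (hypothetical parameter).
    """
    findings = {}
    for group in ET.fromstring(cfg_xml).iter("ServerGroup"):
        name = group.get("Name", "<unnamed>")
        raw = group.get("PostSizeLimit")
        if raw is None:
            # No explicit limit: behaviour depends on the plugin's default,
            # which only exists once the fix for this APAR is installed.
            findings[name] = "missing"
            continue
        try:
            limit = int(raw.strip())
        except ValueError:
            findings[name] = "invalid"  # the value must be a plain byte count
            continue
        if limit <= 0:
            findings[name] = "invalid"  # not a positive byte count
        elif limit > ceiling_bytes:
            findings[name] = "too-large"
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for name, finding in audit_post_size_limit(SAMPLE_CFG, 10 * 1024 * 1024).items():
        print(f"{name}: {finding}")
```
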

Document Information
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ59426
IBM Group: Software Group
Modified date: Nov 1, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.