3

We migrated a web application from JBoss 5.1 to 7.0.9. Post migration, in a specific scenario, there is a Runtime Exception thrown as mentioned below which we didn't encounter with JBoss 5.1. We found there is a restriction on maximum http parameters with default value of 1000 to prevent hash collision based DOS attacks.

1. Is it possible to disable this limitation in JBoss 7.0.9?

2. If can't, how to conclude/determine the maximum value for a given application?

java.lang.RuntimeException: io.undertow.util.ParameterLimitException: UT000047: The number of parameters exceeded the maximum of 1000 at io.undertow.server.handlers.form.FormData.add(FormData.java:78) [undertow-core-1.3.31.Final-redhat-3.jar:1.3.31.Final-redhat-3] at io.undertow.server.handlers.form.FormData.add(FormData.java:68) [undertow-core-1.3.31.Final-redhat-3.jar:1.3.31.Final-redhat-3] at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:172) [undertow-core-1.3.31.Final-redhat-3.jar:1.3.31.Final-redhat-3] at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:251) [undertow-core-1.3.31.Final-redhat-3.jar:1.3.31.Final-redhat-3] Caused by: io.undertow.util.ParameterLimitException: UT000047: The number of parameters exceeded the maximum of 1000 ... 38 more

Vasanth Subramanian
  • 131
  • 1
  • 6

2 Answers2

5

The default is 1000, you can modify the value by adding the "max-parameters" as shown below :

 <subsystem xmlns="urn:jboss:domain:undertow:1.1">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" max-parameters="5000"/>
                <host name="default-host" alias="localhost">
............ <snip> ..........
Giri
  • 51
  • 1
  • 2
0

make sure your standalone.xml has "max-parameters" set to 5000 like -

<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" max-parameters="5000"/>
            <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
            <host name="default-host" alias="localhost">
                <location name="/" handler="welcome-content"/>
                <http-invoker security-realm="ApplicationRealm"/>
            </host>
        </server>
        <servlet-container name="default">
            <jsp-config/>
            <websockets/>
        </servlet-container>
        <handlers>
            <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
        </handlers>
    </subsystem>
Caffeine Coder
  • 101
  • 2