  1. JBoss Enterprise Application Platform
  2. JBEAP-9736

(7.0.z) UNDERTOW-1005 - max-parameters limit on listener value results in accepting up to max-parameters+1 value


    • Bug
    • Resolution: Done
    • Minor
    • 7.0.6.CR1, 7.0.6.GA
    • 7.0.5.CR1, 7.1.0.DR11
    • Undertow
    • None
    • Steps to reproduce:

      1. Start EAP.
      2. Define max-parameters on the http-listener to some low number, e.g. 2:
         /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=2)
      3. Do an HTTP request with a number of parameters greater by one than the value set by the previous command, e.g.:
         curl -I 'http://127.0.0.1:8080/index.html?aaa=1&bbb=2&ccc=3'

      This should fail with 400 Bad Request, but it doesn't and ends with 200. If you add one more parameter, it will start rejecting the requests with 400.

    • EAP 7.0.6

      If I set max-parameters on the listener to some value and send a request with a number of parameters bigger by one than the value set in the attribute, the request is accepted. When it is bigger by two, the request is rejected as a bad request.

      This issue is only with HTTP/1; with HTTP/2.0 it works as expected.

            chaowan@redhat.com Chao Wang
            psotirop@redhat.com Panagiotis Sotiropoulos (Inactive)
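
A boundary check for the behaviour described in this issue, as an added example that is not part of the original report or of EAP/Undertow: it sends requests carrying limit, limit+1 and limit+2 query parameters and flags any status that differs from what a correctly enforced max-parameters would return. BASE_URL, LIMIT and the parameter names p1..pN are assumptions, and the target must be a resource that answers 200 when the limit is not exceeded.

```shell
#!/bin/sh
# Boundary check for an http-listener max-parameters limit (added example).
# BASE_URL and LIMIT are assumptions; point them at your own test instance.

# build_query N -> "p1=1&p2=2&...&pN=N" (N distinct query parameters)
build_query() {
    n=$1; i=1; q=""
    while [ "$i" -le "$n" ]; do
        q="${q}${q:+&}p${i}=${i}"
        i=$((i + 1))
    done
    printf '%s' "$q"
}

# expected_status LIMIT COUNT -> status a correctly enforcing listener returns
expected_status() {
    if [ "$2" -gt "$1" ]; then echo 400; else echo 200; fi
}

# verdict LIMIT COUNT ACTUAL -> "ok" or "MISMATCH"
verdict() {
    if [ "$3" = "$(expected_status "$1" "$2")" ]; then echo ok; else echo MISMATCH; fi
}

# probe URL COUNT -> HTTP status of a HEAD request carrying COUNT parameters
probe() {
    curl -s -o /dev/null -I -w '%{http_code}' "$1?$(build_query "$2")"
}

# check_boundary URL LIMIT -> one line per count; returns 1 on any mismatch
check_boundary() {
    rc=0
    for count in "$2" $(($2 + 1)) $(($2 + 2)); do
        actual=$(probe "$1" "$count")
        v=$(verdict "$2" "$count" "$actual")
        echo "params=$count expected=$(expected_status "$2" "$count") actual=$actual $v"
        [ "$v" = ok ] || rc=1
    done
    return $rc
}

# Only contact a server when BASE_URL is set, e.g.
#   BASE_URL=http://127.0.0.1:8080/index.html LIMIT=2 sh check.sh
if [ -n "${BASE_URL:-}" ]; then
    check_boundary "$BASE_URL" "${LIMIT:-2}"
fi
```

With LIMIT=2, a listener showing the behaviour reported here produces MISMATCH on the params=3 line only.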