Tweet
This change suppresses a possible DoS attack by transferring vast number of request parameters or JSON data to OX server. OX servlet container thereby adapts to already implemented behavior of other popular servlet containers /Tomcat, Jetty, etc.).
The file 'ajp.properties' is enhanced by the property AJP_MAX_REQUEST_PARAMETER_COUNT with default value set to 30:
# Specify the max. number of allowed request parameters
AJP_MAX_REQUEST_PARAMETER_COUNT: 30
The file 'server.properties' is enhanced by the property com.openexchange.json.maxSize with default value set to 1000:
# Specify the max. number of allowed attributes for a JSON object
com.openexchange.json.maxSize=1000
The file 'ajp.properties' is enhanced by the property AJP_MAX_REQUEST_PARAMETER_COUNT with default value set to 30:
# Specify the max. number of allowed request parameters
AJP_MAX_REQUEST_PARAMETER_COUNT: 30
The file 'server.properties' is enhanced by the property com.openexchange.json.maxSize with default value set to 1000:
# Specify the max. number of allowed attributes for a JSON object
com.openexchange.json.maxSize=1000