Limiting Form Content

Forms can be a vector for denial-of-service attacks, like explained in this section of the Programming Guide.

Configuring Form Limits for a Web Application

To configure the form limits for a single web application, the WebAppContext instance can be configured from a context XML file or WEB-INF/jetty-web.xml file:

<Configure class="org.eclipse.jetty.ee10.webapp.WebAppContext">

  ...

  <Set name="maxFormContentSize">200000</Set>
  <Set name="maxFormKeys">200</Set>
</Configure>

These settings can also be set via the following ServletContext attributes.

org.eclipse.jetty.server.Request.maxFormKeys
org.eclipse.jetty.server.Request.maxFormContentSize