How to change the amount of fields that can be posted in a form with IIS 7.5?

Question

We\'ve hit a problem with some forms in the admin portion of our web app. There are a handful of forms that contain a large number of fields (it can range anywhere from one

Answer 1

I believe you are bumping up against a security feature of ColdFusion. What ColdFusion version are you running? In ColdFusion Security Hotfix APSB12-06 they introduced a fix to protect against DoS attack using Hash Collision. From that page:

This hotfix implements a new setting in ColdFusion, Post Parameter Limit. This limits the number of parameters in a post request. The default value is 100. If a post request contains more parameters as specified, server will not process the request and throws an exception. This is done to protect against DoS attack using Hash Collision. This setting is different from Post Size Limit (ColdFusion Administrator > Settings > Maximum size of post data). We are not exposing this setting in ColdFusion Administrator console, but this limit can be easily changed in neo-runtime.xml file. See point 5 below.

Also on that page are instructions on how to increase that limit. Basically you have to make a change in your neo-runtime.xml file.

Customers who want to change postParameterLimit, go to {ColdFusion-Home}/lib for Server Installation or {ColdFusion-Home}/WEB-INF/cfusion/lib for Multiserver or J2EE installation. Open file neo-runtime.xml, after line:

100.0

add the below line and you can change 100 with desired number.

100.0