How to change the amount of fields that can be posted in a form with IIS 7.5?

后端 未结 2 1318
执念已碎
执念已碎 2021-01-13 08:33

We\'ve hit a problem with some forms in the admin portion of our web app. There are a handful of forms that contain a large number of fields (it can range anywhere from one

相关标签:
2条回答
  • 2021-01-13 09:04

    This is an issue introduced with hotfix APSB12-06. While it is a ColdFusion error, people have reported receiving the error in Tomcat, before it supposedly hit the CF server

    There is a setting in neo-runtime.xml which defines the postsizelimit - and is defaulted to 100.

    The full notes are located here, but here is the short version.

    This hot fix has a new setting in ColdFusion, Post Parameter Limit. This setting limits the number of parameters in a post request. The default value is 100. If a post request contains more parameters as specified, the server doesn't process the request and throws an exception. This process protects against DoS attack using Hash Collision. This setting is different from Post Size Limit (ColdFusion Administrator > Settings > Maximum size of post data). This setting isn't exposed in the ColdFusion Administrator console. But you can easily change this limit in the neo-runtime.xml file. See point 5 below. Customers who want to change postParameterLimit, go to {ColdFusion-Home}/lib for Server Installation or {ColdFusion-Home}/WEB-INF/cfusion/lib for Multiserver or J2EE installation. Open file neo-runtime.xml, after line.

    <var name='postSizeLimit'><number>100.0</number></var>
    

    Add the line below and you can change 100 with the desired number.

    <var name='postParametersLimit'><number>100.0</number></var>
    

    CF10+ has the setting available to edit within the CF Admin Settings page under Maximum number of POST request parameters under Server Settings -> Settings.

    On our 9.0.1 server, we just increased the setting up to 10000 and have seen no adverse effects.

    0 讨论(0)
  • 2021-01-13 09:18

    I believe you are bumping up against a security feature of ColdFusion. What ColdFusion version are you running? In ColdFusion Security Hotfix APSB12-06 they introduced a fix to protect against DoS attack using Hash Collision. From that page:

    This hotfix implements a new setting in ColdFusion, Post Parameter Limit. This limits the number of parameters in a post request. The default value is 100. If a post request contains more parameters as specified, server will not process the request and throws an exception. This is done to protect against DoS attack using Hash Collision. This setting is different from Post Size Limit (ColdFusion Administrator > Settings > Maximum size of post data). We are not exposing this setting in ColdFusion Administrator console, but this limit can be easily changed in neo-runtime.xml file. See point 5 below.

    Also on that page are instructions on how to increase that limit. Basically you have to make a change in your neo-runtime.xml file.

    Customers who want to change postParameterLimit, go to {ColdFusion-Home}/lib for Server Installation or {ColdFusion-Home}/WEB-INF/cfusion/lib for Multiserver or J2EE installation. Open file neo-runtime.xml, after line:

    <var name='postSizeLimit'><number>100.0</number></var>
    

    add the below line and you can change 100 with desired number.

    <var name='postParametersLimit'><number>100.0</number></var>
    
    0 讨论(0)
提交回复
热议问题