Maxpostsize Tomcat 7

Posted : admin On 1/26/2022
How to edit the default maxPostSize of embedded Tomcat in SpringBoot
  1. Tomcat Maxhttpheadersize
  2. Maxpostsize Tomcat 7 0
  3. Maxpostsize Tomcat 7 Free

MaxPostSize: The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by setting this attribute to a value less than or equal to 0. If not specified, this attribute is set to 2097152 (2 megabytes). Xmx1500m - this is the maximum amount of memory that Tomcat may use, at least 1.5G is recommended for handling larger ( 25M) metadata files but you will need to test on your particular metadata configuration -XX:MaxPermSize=128m - the maximum amount of memory allowed for the permanent generation object space (this setting applies only to Java 7).

Maxpostsize Tomcat 7
EmbeddedServletContainerCustomizer containerCustomizer(
) throws Exception {
return (ConfigurableEmbeddedServletContainer container) -> {
if (container instanceof TomcatEmbeddedServletContainerFactory) {
TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) container;
(connector) -> {

commented Jun 9, 2015

This is very useful because the default config in SpringBoot only allows to upload 2 MB files.

In Tomcat 8.0.24, t he meaning of the value zero for the maxPostSize has been changed to mean a limit of zero rather than no limit to align it with maxSavePostSize and to be more intuitive. See Tomcat 8.0.24 change log for more details. Y ou must now use maxpostsize='-1' for unlimited size. (int)The number of threads to be used to run for the polling events. Default value is 1 per processor up to and including version 7.0.27. Default value as of version 7.0.28 is 1 per processor but not more than 2. When accepting a socket, the operating system holds a global lock. So the benefit of going above 2 threads diminishes rapidly.

commented Jun 9, 2015

org.apache.catalina.connector.Request.class line 2779 if (postSize > maxPostSize) {
throw new IllegalStateException(sm.getString(

commented Jun 9, 2015

This solves the following exception: Caused by: java.lang.IllegalStateException: The multi-part request contained parameter data (excluding uploaded files) that exceeded the limit for maxPostSize set on the associated connector

commented Sep 8, 2015

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Tomcat Maxhttpheadersize

Tomcat configuration should not be the only line of defense. The other components in the system (operating system, network, database, etc.) should also be secured.

Tomcat should not be run under the root user. Create a dedicated user for the Tomcat process and provide that user with the minimum necessary permissions for the operating system. For example, it should not be possible to log on remotely using the Tomcat user.

Maxpostsize Tomcat 7 0

File permissions should also be suitable restricted. Taking the Tomcat instances at the ASF as an example (where auto-deployment is disabled and web applications are deployed as exploded directories), the standard configuration is to have all Tomcat files owned by root with group Tomcat and whilst owner has read/write priviliges, group only has read and world has no permissions. The exceptions are the logs, temp and work directory that are owned by the Tomcat user rather than root. This means that even if an attacker compromises the Tomcat process, they can't change the Tomcat configuration, deploy new web applications or modify existing web applications. The Tomcat process runs with a umask of 007 to maintain these permissions.

Maxpostsize Tomcat 7 Free

At the network level, consider using a firewall to limit both incoming and outgoing connections to only those connections you expect to be present.