Package io.undertow.httpcore

Class UndertowOptions

java.lang.Object
io.undertow.httpcore.UndertowOptions
public class UndertowOptions extends Object
Author:
Stuart Douglas

  • Field Details

    • MAX_HEADER_SIZE

      public static final UndertowOption<Integer> MAX_HEADER_SIZE
      The maximum size in bytes of a http request header.

    • MAX_ENTITY_SIZE

      public static final UndertowOption<Long> MAX_ENTITY_SIZE
      The default maximum size of the HTTP entity body.

    • MULTIPART_MAX_ENTITY_SIZE

      public static final UndertowOption<Long> MULTIPART_MAX_ENTITY_SIZE
      The default maximum size of the HTTP entity body when using the mutiltipart parser. Generall this will be larger than MAX_ENTITY_SIZE.

      If this is not specified it will be the same as MAX_ENTITY_SIZE.

    • DEFAULT_MAX_ENTITY_SIZE

      public static final long DEFAULT_MAX_ENTITY_SIZE
      We do not have a default upload limit
      See Also:

    • DEFAULT_MAX_PARAMETERS

      public static final int DEFAULT_MAX_PARAMETERS
      See Also:

    • MAX_PARAMETERS

      public static final UndertowOption<Integer> MAX_PARAMETERS
      The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities.

      This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).

      Defaults to 1000

    • DEFAULT_MAX_HEADERS

      public static final int DEFAULT_MAX_HEADERS
      See Also:

    • MAX_HEADERS

      public static final UndertowOption<Integer> MAX_HEADERS
      The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.

      Defaults to 200

    • MAX_COOKIES

      public static final UndertowOption<Integer> MAX_COOKIES
      The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.

      Defaults to 200

    • ALLOW_ENCODED_SLASH

      public static final UndertowOption<Boolean> ALLOW_ENCODED_SLASH
      If a request comes in with encoded / characters (i.e. %2F), will these be decoded.

      This can cause security problems if a front end proxy does not perform the same decoding, and as a result this is disabled by default.

      Defaults to false

      See CVE-2007-0450

    • DECODE_URL

      public static final UndertowOption<Boolean> DECODE_URL
      If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.

      Defaults to true.

    • URL_CHARSET

      public static final UndertowOption<String> URL_CHARSET
      If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.

      Defaults to true.

    • ALWAYS_SET_DATE

      public static final UndertowOption<Boolean> ALWAYS_SET_DATE
      If this is true then a Date header will be added to all responses. The HTTP spec says this header should be added to all responses, unless the server does not have an accurate clock.

      Defaults to true

    • MAX_BUFFERED_REQUEST_SIZE

      public static final UndertowOption<Integer> MAX_BUFFERED_REQUEST_SIZE
      Maximum size of a buffered request, in bytes

      Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.

      Defaults to 16384.

    • DEFAULT_MAX_BUFFERED_REQUEST_SIZE

      public static final int DEFAULT_MAX_BUFFERED_REQUEST_SIZE
      See Also:

    • RECORD_REQUEST_START_TIME

      public static final UndertowOption<Boolean> RECORD_REQUEST_START_TIME
      If this is true then Undertow will record the request start time, to allow for request time to be logged

      This has a small but measurable performance impact

      default is false

    • ENABLE_HTTP2

      public static final UndertowOption<Boolean> ENABLE_HTTP2
      If we should attempt to use HTTP2 for HTTPS connections.

    • SHUTDOWN_TIMEOUT

      public static final UndertowOption<Integer> SHUTDOWN_TIMEOUT
      The server shutdown timeout in milliseconds after which the executor will be forcefully shut down interrupting tasks which are still executing.

      There is no timeout by default.

    • READ_TIMEOUT

      public static final UndertowOption<Long> READ_TIMEOUT
      Blocking read timeout in milliseconds. Defaults to 60 000 (60 seconds)

    • DEFAULT_READ_TIMEOUT

      public static final long DEFAULT_READ_TIMEOUT
      See Also:

    • WORKER_ACCEPT_THREADS

      @Deprecated public static final UndertowOption<Integer> WORKER_ACCEPT_THREADS
      Deprecated.
      Specify the number of accept threads a single socket server should have. Specifying more than one can result in spurious wakeups for a socket server under low connection volume, but higher throughput at high connection volume. The minimum value is 1, and the maximum value is equal to the number of available worker threads.