Modification of request-body-max-read

The request-body-max-read stanza entry specifies the maximum number of bytes of content to read from the body of POST requests.

This configuration is used for dynurl, authentication, and request caching. The request-body-max-read stanza entry affects the request body only. It does not impose limits on other components of a request, such as request line and headers. See the max-client-read configuration entry in the Web Reverse Proxy Stanza Reference topics in the Knowledge Center.

The value of the request-body-max-read stanza entry affects the amount of data that WebSEAL caches for users who must authenticate before their request can be fulfilled. For example, a user name and password submitted with a login form must fit into the request-body-max-read limit. This stanza entry affects all requests that have body content, such as POST and PUT requests.

This stanza entry impacts forms authentication, because it limits the size of the POST data that is processed when performing such authentication. To maintain a request body size sufficient for forms authentication, WebSEAL sets an absolute minimum of 512 bytes on request-body-max-read. If you specify a value below that minimum, the setting is ignored and the value 512 is used. There is no maximum value limit.

This stanza entry also impacts dynamic URL processing because the query portion of a POST request URI is contained in the request body.

The default value is 4096 bytes:

[server]
request-body-max-read = 4096

When the server-side cache setting for request-body-max-read is exceeded during a request, WebSEAL ends the request caching process. WebSEAL returns a Request Caching Failed error message to the browser, and writes the error to the log file. You can customize this error message. See Guidelines for customizing response pages.

The value of request-body-max-read also affects the value specified for request-max-cache. See Modification of request-max-cache.