Uploaded image for project: 'Confluence'
  1. Confluence
  2. CONF-24323

Investigate file size restriction enforcement for /wiki/rpc/soap-axis/confluenceservice-v1 / addAttachment API

    Details

    • Last commented by user?:
      true

      Description

      The cause for HOP-314 was the usage of the /wiki/rpc/soap-axis/confluenceservice-v1 / addAttachment API with relatively large files (~82mb). If I recall right, our attachment file size in OnDemand is set to 100mb (CONFDEV-3606), but I've got no idea if it is enforced if using this API and if so it's probably after the deserialisation. The limit wouldn't have mattered anyway in the above mentioned case.

      Please investigate if a limit of 100mb is still feasible (imo it's way too high, I would even suggest reducing it to ~10-15mb) as the production max heap size is 512mb. Please also ensure that the limit is enforced when using the above mentioned API before it's getting deserialised since it'll cause a memory footprint of at least double the size.

      Maybe we should enforce the setting of the Content-length header via a filter for these requests, and enforce the limit via that (even if it's not accurate). We could also experiment with just setting the maxPostSize on the container.

        Attachments

          Issue Links

            Activity

            Anonymous Anonymous created issue -
            fakraemer Fabian Krämer made changes -
            Field Original Value New Value
            Link This issue relates to CONFDEV-3606 [ CONFDEV-3606 ]
            fakraemer Fabian Krämer made changes -
            Description The cause for [HOP-314|https://extranet.atlassian.com/jira/browse/HOP-314] was the usage of the /wiki/rpc/soap-axis/confluenceservice-v1 / addAttachment API with relatively large files (~82mb). If I recall right, our attachment file size in OnDemand is set to 100mb (CONFDEV-3606), but I've got no idea if it is enforced if using this API and if so it's probably after the deserialisation. The limit wouldn't have mattered anyway in the above mentioned case.

            Please investigate if a limit of 100mb is still feasible (imo it's way too high, I would even suggest reducing it to ~10-15mb) as the production max heap size is 512mb. Please also ensure that the limit is enforced when using the above mentioned API *before* it's getting deserialised since it'll cause a memory footprint of at least double the size.

            Maybe we should enforce the setting of the Content-length header via a filter for these requests, and enforce the limit via that (even if it's not accurate).
            The cause for [HOP-314|https://extranet.atlassian.com/jira/browse/HOP-314] was the usage of the /wiki/rpc/soap-axis/confluenceservice-v1 / addAttachment API with relatively large files (~82mb). If I recall right, our attachment file size in OnDemand is set to 100mb (CONFDEV-3606), but I've got no idea if it is enforced if using this API and if so it's probably after the deserialisation. The limit wouldn't have mattered anyway in the above mentioned case.

            Please investigate if a limit of 100mb is still feasible (imo it's way too high, I would even suggest reducing it to ~10-15mb) as the production max heap size is 512mb. Please also ensure that the limit is enforced when using the above mentioned API *before* it's getting deserialised since it'll cause a memory footprint of at least double the size.

            Maybe we should enforce the setting of the Content-length header via a filter for these requests, and enforce the limit via that (even if it's not accurate). We could also experiment with just setting the [maxPostSize|http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html] on the container.
            halatas Husein Alatas [Atlassian] made changes -
            Link This issue relates to CONF-23645 [ CONF-23645 ]
            akazatchkov.adm Anatoli Kazatchkov [Administrative Account] made changes -
            Workflow Confluence Default Workflow [ 359605 ] New Confluence Default Workflow [ 478569 ]
            jmasson@atlassian.com John Masson made changes -
            Component/s Engine Room / Architecture [ 12260 ]
            cmiller Charles Miller [Atlassian] made changes -
            Status New [ 10034 ] Open [ 1 ]
            barconati Bill Arconati made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Answered [ 9 ]
            msaxby Matthew Saxby made changes -
            Issue Type Improvement [ 4 ] Suggestion [ 10000 ]
            mhrynczak Mark Hrynczak [Atlassian] made changes -
            Workflow New Confluence Default Workflow [ 478569 ] Confluence Cloud First Workflow [ 1116389 ]

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  1 year, 34 weeks, 2 days ago