io.undertow.UndertowOptions Maven / Gradle / Ivy
/*
* JBoss, Home of Professional Open Source.
* Copyright 2014 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.undertow;
import org.xnio.Option;
/**
* @author Stuart Douglas
*/
public class UndertowOptions {
/**
* The default read timeout to be used by read operations that absolutely require a timeout. Used only when both
* READ_TIMEOUT and IDLE_TIMEOUT are not used.
*/
public static final int DEFAULT_READ_TIMEOUT = 600000;
/**
* The maximum size in bytes of a http request header.
*/
public static final Option MAX_HEADER_SIZE = Option.simple(UndertowOptions.class, "MAX_HEADER_SIZE", Integer.class);
/**
* The default size we allow for the HTTP header.
*/
public static final int DEFAULT_MAX_HEADER_SIZE = 1024 * 1024;
/**
* The default maximum size of the HTTP entity body.
*/
public static final Option MAX_ENTITY_SIZE = Option.simple(UndertowOptions.class, "MAX_ENTITY_SIZE", Long.class);
/**
* The default maximum size of the HTTP entity body when using the mutiltipart parser. Generall this will be larger than {@link #MAX_ENTITY_SIZE}.
*
* If this is not specified it will be the same as {@link #MAX_ENTITY_SIZE}.
*/
public static final Option MULTIPART_MAX_ENTITY_SIZE = Option.simple(UndertowOptions.class, "MULTIPART_MAX_ENTITY_SIZE", Long.class);
/**
* We do not have a default upload limit
*/
public static final long DEFAULT_MAX_ENTITY_SIZE = -1;
/**
* If we should buffer pipelined requests. Defaults to false.
*/
public static final Option BUFFER_PIPELINED_DATA = Option.simple(UndertowOptions.class, "BUFFER_PIPELINED_DATA", Boolean.class);
/**
* The idle timeout in milliseconds after which the channel will be closed.
*
* If the underlying channel already has a read or write timeout set the smaller of the two values will be used
* for read/write timeouts.
*
*/
public static final Option IDLE_TIMEOUT = Option.simple(UndertowOptions.class, "IDLE_TIMEOUT", Integer.class);
/**
* The maximum allowed time of reading HTTP request in milliseconds.
*
* -1
or missing value disables this functionality.
*/
public static final Option REQUEST_PARSE_TIMEOUT = Option.simple(UndertowOptions.class, "REQUEST_PARSE_TIMEOUT", Integer.class);
/**
* The amount of time the connection can be idle with no current requests before it is closed;
*/
public static final Option NO_REQUEST_TIMEOUT = Option.simple(UndertowOptions.class, "NO_REQUEST_TIMEOUT", Integer.class);
public static final int DEFAULT_MAX_PARAMETERS = 1000;
/**
* The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities.
*
* This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have
* max parameters * 2 total parameters).
*
* Defaults to 1000
*/
public static final Option MAX_PARAMETERS = Option.simple(UndertowOptions.class, "MAX_PARAMETERS", Integer.class);
public static final int DEFAULT_MAX_HEADERS = 200;
/**
* The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
*
* Defaults to 200
*/
public static final Option MAX_HEADERS = Option.simple(UndertowOptions.class, "MAX_HEADERS", Integer.class);
public static final int DEFAULT_MAX_COOKIES = 200;
/**
* The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
*
* Defaults to 200
*/
public static final Option MAX_COOKIES = Option.simple(UndertowOptions.class, "MAX_COOKIES", Integer.class);
/**
* If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
*
* This can cause security problems if a front end proxy does not perform the same decoding, and as a result
* this is disabled by default.
*
* Defaults to false
*
* See CVE-2007-0450
* @deprecated - this option was interpreted improperly.
* @See {@link #DECODE_SLASH}
*/
public static final Option ALLOW_ENCODED_SLASH = Option.simple(UndertowOptions.class, "ALLOW_ENCODED_SLASH", Boolean.class);
/**
* If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
*
* This can cause security problems if a front end proxy does not perform the same decoding, and as a result
* this is disabled by default.
*
* If this option is set explicitly, the {@link #ALLOW_ENCODED_SLASH} is ignored. Should default to true
*
* See CVE-2007-0450
*/
public static final Option DECODE_SLASH = Option.simple(UndertowOptions.class, "DECODE_SLASH", Boolean.class);
/**
* If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will
* not be decoded. This will allow a later handler to decode them into whatever charset is desired.
*
* Defaults to true.
*/
public static final Option DECODE_URL = Option.simple(UndertowOptions.class, "DECODE_URL", Boolean.class);
/**
* If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will
* not be decoded. This will allow a later handler to decode them into whatever charset is desired.
*
* Defaults to true.
*/
public static final Option URL_CHARSET = Option.simple(UndertowOptions.class, "URL_CHARSET", String.class);
/**
* If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by
* the specification.
*
* Defaults to true
*/
public static final Option ALWAYS_SET_KEEP_ALIVE = Option.simple(UndertowOptions.class, "ALWAYS_SET_KEEP_ALIVE", Boolean.class);
/**
* If this is true then a Date header will be added to all responses. The HTTP spec says this header should be added to all
* responses, unless the server does not have an accurate clock.
*
* Defaults to true
*/
public static final Option ALWAYS_SET_DATE = Option.simple(UndertowOptions.class, "ALWAYS_SET_DATE", Boolean.class);
/**
* Maximum size of a buffered request, in bytes
*
* Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully
* buffered in order to perform the renegotiation.
*
* Defaults to 16384.
*/
public static final Option MAX_BUFFERED_REQUEST_SIZE = Option.simple(UndertowOptions.class, "MAX_BUFFERED_REQUEST_SIZE", Integer.class);
public static final int DEFAULT_MAX_BUFFERED_REQUEST_SIZE = 16384;
/**
* If this is true then Undertow will record the request start time, to allow for request time to be logged
*
* This has a small but measurable performance impact
*
* default is false
*/
public static final Option RECORD_REQUEST_START_TIME = Option.simple(UndertowOptions.class, "RECORD_REQUEST_START_TIME", Boolean.class);
/**
* If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values.
*
* Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
*
* default is false
*/
public static final Option ALLOW_EQUALS_IN_COOKIE_VALUE = Option.simple(UndertowOptions.class, "ALLOW_EQUALS_IN_COOKIE_VALUE", Boolean.class);
/**
* If this is true then Undertow will enable RFC6265 compliant cookie validation for Set-Cookie header instead of legacy backward compatible behavior.
*
* default is false
*/
public static final Option ENABLE_RFC6265_COOKIE_VALIDATION = Option.simple(UndertowOptions.class, "ENABLE_RFC6265_COOKIE_VALIDATION", Boolean.class);
public static final boolean DEFAULT_ENABLE_RFC6265_COOKIE_VALIDATION = false;
/**
* If we should attempt to use SPDY for HTTPS connections.
*
* SPDY is no longer supported, use HTTP/2 instead
*/
@Deprecated
public static final Option ENABLE_SPDY = Option.simple(UndertowOptions.class, "ENABLE_SPDY", Boolean.class);
/**
* If we should attempt to use HTTP2 for HTTPS connections.
*/
public static final Option ENABLE_HTTP2 = Option.simple(UndertowOptions.class, "ENABLE_HTTP2", Boolean.class);
/**
* If connector level statistics should be enabled. This has a slight performance impact, but allows statistics such
* as bytes sent/recevied to be monitored.
*
* If this is passed to the client then client statistics will be enabled.
*
*/
public static final Option ENABLE_STATISTICS = Option.simple(UndertowOptions.class, "ENABLE_STATISTICS", Boolean.class);
/**
* If connector level statistics should be enabled. This has a slight performance impact, but allows statistics such
* as bytes sent/recevied to be monitored.
*/
@Deprecated
public static final Option ENABLE_CONNECTOR_STATISTICS = ENABLE_STATISTICS;
/**
* If unknown protocols should be allowed. The known protocols are:
*
* HTTP/0.9
* HTTP/1.0
* HTTP/1.1
* HTTP/2.0
*
* If this is false then requests that specify any other protocol will be rejected with a 400
*
* Defaults to false
*/
public static final Option ALLOW_UNKNOWN_PROTOCOLS = Option.simple(UndertowOptions.class, "ALLOW_UNKNOWN_PROTOCOLS", Boolean.class);
/**
* The size of the header table that is used in the encoder
*/
public static final Option HTTP2_SETTINGS_HEADER_TABLE_SIZE = Option.simple(UndertowOptions.class, "HTTP2_SETTINGS_HEADER_TABLE_SIZE", Integer.class);
public static final int HTTP2_SETTINGS_HEADER_TABLE_SIZE_DEFAULT = 4096;
/**
* If push should be enabled for this connection.
*/
public static final Option HTTP2_SETTINGS_ENABLE_PUSH = Option.simple(UndertowOptions.class, "HTTP2_SETTINGS_ENABLE_PUSH", Boolean.class);
/**
* The maximum number of concurrent http2 streams.
*/
public static final Option HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS = Option.simple(UndertowOptions.class, "HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS", Integer.class);
public static final int DEFAULT_HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS = -1;
public static final Option HTTP2_SETTINGS_INITIAL_WINDOW_SIZE = Option.simple(UndertowOptions.class, "HTTP2_SETTINGS_INITIAL_WINDOW_SIZE", Integer.class);
public static final Option HTTP2_SETTINGS_MAX_FRAME_SIZE = Option.simple(UndertowOptions.class, "HTTP2_SETTINGS_MAX_FRAME_SIZE", Integer.class);
/**
* Deprecated, as it is effectively a duplicate of MAX_HEADER_SIZE
*
* @see #MAX_HEADER_SIZE
*/
@Deprecated
public static final Option HTTP2_SETTINGS_MAX_HEADER_LIST_SIZE = Option.simple(UndertowOptions.class, "HTTP2_SETTINGS_MAX_HEADER_LIST_SIZE", Integer.class);
/**
* The maximum amount of padding to send in a HTTP/2 frame. Actual amount will be randomly determined, defaults to Zero.
*/
public static final Option HTTP2_PADDING_SIZE = Option.simple(UndertowOptions.class, "HTTP2_PADDING_SIZE", Integer.class);
/**
* Undertow keeps a LRU cache of common huffman encodings. This sets the maximum size, setting this to 0 will disable the caching.
*
*/
public static final Option HTTP2_HUFFMAN_CACHE_SIZE = Option.simple(UndertowOptions.class, "HTTP2_HUFFMAN_CACHE_SIZE", Integer.class);
/**
* The maximum number of concurrent requests that will be processed at a time. This differs from max concurrent streams in that it is not sent to the remote client.
*
* If the number of pending requests exceeds this number then requests will be queued, the difference between this and max concurrent streams determines
* the maximum number of requests that will be queued.
*
* Queued requests are processed by a priority queue, rather than a FIFO based queue, using HTTP2 stream priority.
*
* If this number is smaller than or equal to zero then max concurrent streams determines the maximum number of streams that can be run.
*
*
*/
public static final Option MAX_CONCURRENT_REQUESTS_PER_CONNECTION = Option.simple(UndertowOptions.class, "MAX_CONCURRENT_REQUESTS_PER_CONNECTION", Integer.class);
/**
* The maximum number of buffers that will be used before reads are paused in framed protocols. Defaults to 10
*/
public static final Option MAX_QUEUED_READ_BUFFERS = Option.simple(UndertowOptions.class, "MAX_QUEUED_READ_BUFFERS", Integer.class);
/**
* The maximum AJP packet size, default is 8192
*/
public static final Option MAX_AJP_PACKET_SIZE = Option.simple(UndertowOptions.class, "MAX_AJP_PACKET_SIZE", Integer.class);
/**
* If this is true then HTTP/1.1 requests will be failed if no host header is present.
*/
public static final Option REQUIRE_HOST_HTTP11 = Option.simple(UndertowOptions.class, "REQUIRE_HOST_HTTP11", Boolean.class);
public static final int DEFAULT_MAX_CACHED_HEADER_SIZE = 150;
/**
* The maximum size of a header name+value combo that is cached in the per connection cache. Defaults to 150
*/
public static final Option MAX_CACHED_HEADER_SIZE = Option.simple(UndertowOptions.class, "MAX_CACHED_HEADER_SIZE", Integer.class);
public static final int DEFAULT_HTTP_HEADERS_CACHE_SIZE = 15;
/**
* The maximum number of headers that are cached per connection. Defaults to 15. If this is set to zero the cache is disabled.
*/
public static final Option HTTP_HEADERS_CACHE_SIZE = Option.simple(UndertowOptions.class, "HTTP_HEADERS_CACHE_SIZE", Integer.class);
/**
* If the SSLEngine should prefer the servers cipher version. Only applicable on JDK8+.
*/
public static final Option SSL_USER_CIPHER_SUITES_ORDER = Option.simple(UndertowOptions.class, "SSL_USER_CIPHER_SUITES_ORDER", Boolean.class);
/**
* This option forces {@link io.undertow.protocols.ssl.UndertowXnioSsl} to use a specific
* name as the {@link javax.net.ssl.SNIHostName} for a client connection. If the option is
* not set, the URL hostname is used when available (for URLs that do not use the IP address).
* The option can be useful when connecting via IP but want to set a SNI hostname value.
*/
public static final Option SSL_SNI_HOSTNAME = Option.simple(UndertowOptions.class, "SSL_SNI_HOSTNAME", String.class);
public static final Option ALLOW_UNESCAPED_CHARACTERS_IN_URL = Option.simple(UndertowOptions.class,"ALLOW_UNESCAPED_CHARACTERS_IN_URL", Boolean.class);
/**
* The server shutdown timeout in milliseconds after which the executor will be forcefully shut down interrupting
* tasks which are still executing.
*
* There is no timeout by default.
*/
public static final Option SHUTDOWN_TIMEOUT = Option.simple(UndertowOptions.class, "SHUTDOWN_TIMEOUT", Integer.class);
/**
* The endpoint identification algorithm, the empty string can be used to set none.
*
* @see javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
*/
public static final Option ENDPOINT_IDENTIFICATION_ALGORITHM = Option.simple(UndertowOptions.class, "ENDPOINT_IDENTIFICATION_ALGORITHM", String.class);
/**
* The maximum numbers of frames that can be queued before reads are suspended. Once this number is hit then reads will not be resumed until {@link #QUEUED_FRAMES_LOW_WATER_MARK}
* is hit.
*
* Defaults to 50
*/
public static final Option QUEUED_FRAMES_HIGH_WATER_MARK = Option.simple(UndertowOptions.class, "QUEUED_FRAMES_HIGH_WATER_MARK", Integer.class);
/**
* The point at which reads will resume again after hitting the high water mark
*
* Defaults to 10
*/
public static final Option QUEUED_FRAMES_LOW_WATER_MARK = Option.simple(UndertowOptions.class, "QUEUED_FRAMES_LOW_WATER_MARK", Integer.class);
/**
* The AJP protocol itself supports the passing of arbitrary request attributes.
* The reverse proxy passes various information to the AJP connector using request attributes through AJP protocol.
* Unrecognised request attributes will be ignored unless the entire attribute name matches this regular expression.
*
* If not specified, the default value is null.
*/
public static final Option AJP_ALLOWED_REQUEST_ATTRIBUTES_PATTERN = Option.simple(UndertowOptions.class, "AJP_ALLOWED_REQUEST_ATTRIBUTES_PATTERN", String.class);
/**
* Default value of {@link #RST_FRAMES_TIME_WINDOW} option.
*/
public static final int DEFAULT_RST_FRAMES_TIME_WINDOW = 30000;
/**
* Default value of {@link #MAX_RST_FRAMES_PER_WINDOW} option.
*/
public static final int DEFAULT_MAX_RST_FRAMES_PER_WINDOW = 200;
/**
* Window of time per which the number of HTTP2 RST received frames is measured, in milliseconds.
* If a number of RST frames bigger than {@link #MAX_RST_FRAMES_PER_WINDOW} is received during this time window,
* the server will send a GO_AWAY frame with error code 11 ({@code ENHANCE_YOUR_CALM}) and it will close the connection.
*/
public static final Option RST_FRAMES_TIME_WINDOW = Option.simple(UndertowOptions.class, "MAX_RST_STREAM_TIME_WINDOW", Integer.class);
/**
* Maximum number of HTTP2 RST frames received allowed during a time window.
* If a number of RST frames bigger than this limit is received during {@link #RST_FRAMES_TIME_WINDOW} milliseconds,
* the server will send a GO_AWAY frame with error code 11 ({@code ENHANCE_YOUR_CALM}) and it will close the connection.
*/
public static final Option MAX_RST_FRAMES_PER_WINDOW = Option.simple(UndertowOptions.class, "MAX_RST_STREAMS_PER_TIME_WINDOW", Integer.class);
private UndertowOptions() {
}
}