Request Security Considerations

AM can receive requests from multiple sources and for different purposes, such as authentication requests, RESTful requests to the endpoints, and POSTs that potentially may include a lot of data.

Containers usually have settings to mitigate against DoS attacks that POST large amounts of form data to your applications. Refer to your container documentation for more information about their settings, and how they can protect AM.

These settings, however, do not protect AM from receiving large amounts of POST data from other sources.

The following table summarizes the steps AM takes to protect against being overloaded, and how to adjust default values:


Controlling the Maximum Size of Decompressed JWTs

By default, AM rejects JWTs that expand to a size larger than 32 KiB (32768 bytes) when decrypted.

"Controlling the Maximum Size of Compressed JWTs".

Limiting the Size of the Request Body

By default, AM rejects incoming requests whose body is larger than 1 MB (1048576 bytes) in size.

"Limiting the Size of the Request Body".

Read a different version of :