Request Security Considerations
AM can receive requests from multiple sources and for different purposes, such as authentication requests, RESTful requests to the endpoints, and POSTs that potentially may include a lot of data.
Containers usually have settings to mitigate againstattacks that POST large amounts of form data to your applications. Refer to your container documentation for more information about their settings, and how they can protect AM.
These settings, however, do not protect AM from receiving large amounts of POST data from other sources.
The following table summarizes the steps AM takes to protect against being overloaded, and how to adjust default values:
Controlling the Maximum Size of Decompressed JWTs
By default, AM rejects JWTs that expand to a size larger than 32 KiB (32768 bytes) when decrypted.
Limiting the Size of the Request Body
By default, AM rejects incoming requests whose body is larger than 1 MB (1048576 bytes) in size.