Secure requests

AM receives requests from multiple sources and for different purposes, such as authentication requests, RESTful requests to the endpoints, and POST requests that might include a lot of data.

Containers usually have settings to mitigate against denial of service (DoS) attacks that POST large amounts of form data to your applications. Refer to your container documentation for more information about their settings, and how they can protect AM.

These settings, however, do not protect AM from receiving large amounts of POST data from other sources.

The following table summarizes the steps AM takes to protect against being overloaded, and how to adjust default values:

Task	Resources
Control the maximum size of decompressed JWTs By default, AM rejects JWTs that expand to a size larger than 32 KiB (32768 bytes) when decrypted.	Control the size of compressed JWTs
Limit the size of the request body By default, AM rejects incoming requests whose body is larger than 1 MB (1048576 bytes) in size.	Limit the size of the request body

Task

Resources

Control the maximum size of decompressed JWTs

By default, AM rejects JWTs that expand to a size larger than 32 KiB (32768 bytes) when decrypted.

Control the size of compressed JWTs

Limit the size of the request body

By default, AM rejects incoming requests whose body is larger than 1 MB (1048576 bytes) in size.

Limit the size of the request body

AM 7.3.1

Secure requests