From 39d30a411a9254dd7cc2e7d2e0459d2fd4ccacef Mon Sep 17 00:00:00 2001
From: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Date: Mon, 20 Jan 2025 16:58:03 +0530
Subject: [PATCH 1/2] add request.max.form.keys to server.properties

---
 client/conf/server.properties.in                       |  5 ++++-
 .../main/java/org/apache/cloudstack/ServerDaemon.java  | 10 ++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/client/conf/server.properties.in b/client/conf/server.properties.in
index 57d81c812178..226e477219df 100644
--- a/client/conf/server.properties.in
+++ b/client/conf/server.properties.in
@@ -30,7 +30,10 @@ http.port=8080
 session.timeout=30
 
 # Max allowed API request payload/content size in bytes
-request.content.size=1048576
+request.content.size=100
+
+# Max allowed API request form keys
+request.max.form.keys=5000
 
 # Options to configure and enable HTTPS on the management server
 #
diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
index fb84e1297e6d..e33a4084e4e8 100644
--- a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
+++ b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -81,6 +81,8 @@ public class ServerDaemon implements Daemon {
     private static final String ACCESS_LOG = "access.log";
     private static final String REQUEST_CONTENT_SIZE_KEY = "request.content.size";
     private static final int DEFAULT_REQUEST_CONTENT_SIZE = 1048576;
+    private static final String REQUEST_MAX_FORM_KEYS_KEY = "request.max.form.keys";
+    private static final int DEFAULT_REQUEST_MAX_FORM_KEYS = 5000;
 
     ////////////////////////////////////////////////////////
     /////////////// Server Configuration ///////////////////
@@ -93,6 +95,7 @@ public class ServerDaemon implements Daemon {
     private int httpsPort = 8443;
     private int sessionTimeout = 30;
     private int maxFormContentSize = DEFAULT_REQUEST_CONTENT_SIZE;
+    private int maxFormKeys = DEFAULT_REQUEST_MAX_FORM_KEYS;
     private boolean httpsEnable = false;
     private String accessLogFile = "access.log";
     private String bindInterface = null;
@@ -140,6 +143,7 @@ public void init(final DaemonContext context) {
             setAccessLogFile(properties.getProperty(ACCESS_LOG, "access.log"));
             setSessionTimeout(Integer.valueOf(properties.getProperty(SESSION_TIMEOUT, "30")));
             setMaxFormContentSize(Integer.valueOf(properties.getProperty(REQUEST_CONTENT_SIZE_KEY, String.valueOf(DEFAULT_REQUEST_CONTENT_SIZE))));
+            setMaxFormKeys(Integer.valueOf(properties.getProperty(REQUEST_MAX_FORM_KEYS_KEY, String.valueOf(DEFAULT_REQUEST_MAX_FORM_KEYS))));
         } catch (final IOException e) {
             LOG.warn("Failed to read configuration from server.properties file", e);
         } finally {
@@ -191,6 +195,7 @@ public void start() throws Exception {
         // Extra config options
         server.setStopAtShutdown(true);
         server.setAttribute(ContextHandler.MAX_FORM_CONTENT_SIZE_KEY, maxFormContentSize);
+        server.setAttribute(ContextHandler.MAX_FORM_KEYS_KEY, maxFormKeys);
 
         // HTTPS Connector
         createHttpsConnector(httpConfig);
@@ -263,6 +268,7 @@ private Pair<SessionHandler,HandlerCollection> createHandlers() {
         webApp.setContextPath(contextPath);
         webApp.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
         webApp.setMaxFormContentSize(maxFormContentSize);
+        webApp.setMaxFormKeys(maxFormKeys);
 
         // GZIP handler
         final GzipHandler gzipHandler = new GzipHandler();
@@ -365,4 +371,8 @@ public void setSessionTimeout(int sessionTimeout) {
     public void setMaxFormContentSize(int maxFormContentSize) {
         this.maxFormContentSize = maxFormContentSize;
     }
+
+    public void setMaxFormKeys(int maxFormKeys) {
+        this.maxFormKeys = maxFormKeys;
+    }
 }

From e3be88da7f64023dcd7fb4c2bf640619ae5c9ae4 Mon Sep 17 00:00:00 2001
From: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Date: Mon, 20 Jan 2025 17:54:21 +0530
Subject: [PATCH 2/2] fix request.content.size in server.properties

---
 client/conf/server.properties.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/conf/server.properties.in b/client/conf/server.properties.in
index 226e477219df..0a6078048d36 100644
--- a/client/conf/server.properties.in
+++ b/client/conf/server.properties.in
@@ -30,7 +30,7 @@ http.port=8080
 session.timeout=30
 
 # Max allowed API request payload/content size in bytes
-request.content.size=100
+request.content.size=1048576
 
 # Max allowed API request form keys
 request.max.form.keys=5000