I've created a PUT endpoint on a tomcat server using Spring boot. For safety reasons, I don't want the body size to exceed a certain amount, so I was checking whether there is a limit as there is for POST requests (which I know stays at 2MB)
At the same time I don't find any documentation for the PUT requests. Is there a limit for those too?
Related
I'm currently using an API Gateway to listen for web-hooks, and then the web-hook's payload is then offloaded to a lambda. The problem is that the web-hook's payload size can vary. I'm aware that API Gateway's allows for request of 10 MBs; while, lambdas allow only up to 6 MBs. Due to that, I don't want accept any payloads that exceed 6 MB. So I'm wondering if there's any way to filter out request prior to hitting my lambda that exceed 6MBs or some desired amount?
Also I've look into AWS' WAF, but that seems to only apply to request under 8KB if you use a size constraint statement. I don't think this would work in my case as I can easily see the payloads exceeding that amount.
I have a REST API that is expected to receive a large payload as request body. The API calls a blocking method that takes 2 seconds to process each request and then returns 200 OK. I wish to introduce throttling based on available memory such that the API returns 429 Too Many Request when the available memory falls below a threshold.
When the threshold condition is met, I wish to reject subsequent requests right away, even before loading the large request payloads in my application memory. This will also give me some protection against denial of service attacks.
In a Java EE, Tomcat environment, if I use a Filter to check available memory, I understand the complete request is already loaded in memory. Is it then better to add the check in ServletRequestListener.requestInitialized method so that I can reject the request even before the app receives it?
P.S. I use the below formula to calculate available memory based on this SO post:
long presumableFreeMemory =
Runtime.getRuntime().maxMemory()
- Runtime.getRuntime().totalMemory()
+ Runtime.getRuntime().freeMemory();
I have an angularjs app that calls a RESTful service at apiary.io
Does apiary.io throttle responses and delay responses after a certain number have been received?
If so what are the parameters?
Currently, Apiary limits you for 120 reqs/minute/IP.
There are no artificial delays, but occasionally someones floods Apiary with production traffic and even when ratelimiting is fairly efficient, it may temporarily degrade service for other users.
You can (and should) check X-Apiary-RateLimit-Limit and X-Apiary-RateLimit-Remaining header. Once you'll hit the limit, Apiary will sent Retry-After header you should obey.
From their docs:
API Call Limit
API calls are subject to the default limit of 15 requests per second and exceeding this limit will result in all endpoints returning an HTTP status code of 429. Limits are per API key. If the limit is exceeding then the API Key will be blocked for the remainder of the sample period. If an API key continually hits the call limit we reserve the right to permanently block the key and to charge a fee to unblock the key.
To determine the API call amount we monitor the traffic over a sample period. If the traffic results in a particular API key reaching 80% of the limit (i.e., 12 if the limit is 15) over the sample period then the responses will start to contain a throttle node which contains useful information on how close you are to reaching the call limit.
I have enabled some cache policies on a few resources end points. System works quite well, response is cached, the following requests hit the cache, cache is correctly refreshed when I set it to be refreshed.
My only concern is that sometimes a client makes a request that does not hit the cache (for example, because the cache must be refreshed), the server in that moment returns an error (it can happen, it's statistic...) and so the cached response is not a "normal" response (e.g. 2xx) but a 4xx, or a 5xx response.
I would like to know if it is possible to cache the response only if, for example, the server response code is 2xx.
I didn't find any example on Apigee docs for doing this, also if there are some parameters for the cache policy called "SkipCachePopulation" that I think I can use for this purpose.
Any suggestion?
Yes, you can use the SkipCachePopulation field of ResponseCache. It uses a condition to determine when the cache population will not occur. Here is an example:
<SkipCachePopulation>response.status.code >= 400</SkipCachePopulation>
I am trying to send a very long POST request as an AJAX call in my application. Up until the query length exceeds ~7585 characters (incl. page name) the request goes through fine. However, there is a definite limit going on as adding a single character will make the request fail.
I have ensured that the tomcat server.xml config does not specify maxPostSize, and the documentation says it defaults to 2MB, which is way more room than I am using.
Am I missing something here? I am suspicious that this is a limitation being imposed by the web browser (Firefox 3.6.18).
If this is just an unfortunate truth, how do people get around this? By batching the data into smaller chunks manually? It seems like this would be a common problem for people. Thanks!