WebLogic – Maximum Message Size (All protocols) – Guard your servers against DoS/DDoS.

WebLogic allows us to configure connection settings for the various communication protocols that it can use.

One of the most important settings is Maximum Message Size: the maximum number of bytes allowed in messages that are received over all supported protocols, unless overridden by a protocol-specific setting or a custom channel setting.

The default value is 10MB (it’s secure as per Oracle).

This maximum message size helps guard against a denial-of-service attack in which a caller attempts to force the server to allocate more memory than is available, thereby keeping the server from responding quickly to other requests.

You can increase this value up to 20MB (you can decrease it to 4096 bytes as well!), but setting this value higher or lower under Server/Protocols/General will set it for all protocols.

So if you see this error,

<21-Dec-2014 13:04:03 o'clock GMT> <Error> <Socket> <BEA-000403> <IOException occurred on socket: Socket[addr=/172.16.51.121,port=7854,localport=60805]
weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: '10000080' bytes exceeds the configured maximum of: '10000000' bytes for protocol: 't3'.
weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: '10000080' bytes exceeds the configured maximum of: '10000000' bytes for protocol: 't3'
            at weblogic.socket.BaseAbstractMuxableSocket.incrementBufferOffset(BaseAbstractMuxableSocket.java:180)
            at weblogic.socket.BaseAbstractMuxableSocket.incrementBufferOffset(BaseAbstractMuxableSocket.java:171)
            at weblogic.rjvm.t3.MuxableSocketT3.incrementBufferOffset(MuxableSocketT3.java:425)
            at weblogic.socket.SocketMuxer.readFromSocket(SocketMuxer.java:1015)
            at weblogic.socket.NIOSocketMuxer.readFromSocket(NIOSocketMuxer.java:650)
            Truncated. see log file for complete stacktrace

 

You cannot use -DWeblogic with the following parameters, as MaxHTTPMessageSize, MaxT3MessageSize, and MaxCOMMessageSize have been deprecated since Oracle WebLogic Server 8.1. Instead of using these protocol-specific parameters, use separate network channels configured with a MaxMessageSize to limit the incoming messages.
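One way to triage the BEA-000403 error quoted above, as an added example (not code from the original post or from Oracle): it parses MaxMessageSizeExceededException entries out of a server log and groups them by peer address, so a client that is slightly over the limit can be told apart from one sending far larger or repeated oversized messages. The function names, the thresholds and every sample entry except the first are assumptions constructed for the illustration.

```python
import re

SOCKET_RE = re.compile(r"<BEA-000403>.*?Socket\[addr=[^/,\]]*/([^,\]]+)")
EXCEEDED_RE = re.compile(
    r"MaxMessageSizeExceededException: Incoming message of size: '(\d+)' bytes "
    r"exceeds the configured maximum of: '(\d+)' bytes for protocol: '([^']+)'")

def parse_events(text):
    """Return one event per BEA-000403 entry that reports a size violation."""
    events, peer = [], None
    for line in text.splitlines():
        header, hit = SOCKET_RE.search(line), EXCEEDED_RE.search(line)
        if header:
            peer = header.group(1)
        elif hit and peer is not None:
            events.append({"peer": peer, "size": int(hit.group(1)),
                           "limit": int(hit.group(2)), "protocol": hit.group(3)})
            peer = None  # the log repeats the message above the stack trace
    return events

def triage(events, ratio_threshold=2.0, repeat_threshold=3):
    """Group by peer; both thresholds are assumptions to tune per environment."""
    by_peer, report = {}, {}
    for event in events:
        by_peer.setdefault(event["peer"], []).append(event)
    for peer, hits in by_peer.items():
        worst = max(h["size"] / h["limit"] for h in hits)
        suspicious = worst >= ratio_threshold or len(hits) >= repeat_threshold
        report[peer] = {"count": len(hits), "worst_ratio": round(worst, 2),
                        "verdict": "investigate" if suspicious else "size-limit-review"}
    return report

# Constructed sample log. Only the first entry uses the values quoted on the page.
HDR = ("<21-Dec-2014 {t} o'clock GMT> <Error> <Socket> <BEA-000403> <IOException "
       "occurred on socket: Socket[addr=/{ip},port=7854,localport=60805]")
EXC = ("weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: "
       "'{size}' bytes exceeds the configured maximum of: '10000000' bytes for protocol: '{proto}'")

def sample_entry(t, ip, size, proto):
    exc = EXC.format(size=size, proto=proto)
    return "\n".join([HDR.format(t=t, ip=ip), exc + ".", exc,
                      "    at weblogic.socket.SocketMuxer.readFromSocket(SocketMuxer.java:1015)"])

SAMPLE_LOG = "\n".join(
    [sample_entry("13:04:03", "172.16.51.121", 10000080, "t3"),
     sample_entry("13:05:10", "192.0.2.44", 524288000, "http")]
    + [sample_entry(f"13:06:0{i}", "198.51.100.7", 10000500, "t3") for i in range(3)])

if __name__ == "__main__":
    print(triage(parse_events(SAMPLE_LOG)))
```

A peer that only ever lands in size-limit-review is a candidate for a dedicated network channel with its own MaxMessageSize, rather than a higher limit for all protocols.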