Controller application server
The Fortify ScanCentral SAST Controller installation includes the supported Apache® Tomcat™ version 10.1.x that runs on JRE 17.
OpenText recommends using the Tomcat version that is originally shipped. Other versions of Tomcat are not supported.
Use the connector attribute maxPartCount to help prevent DoS attacks. By default, it is set to 10. For more information, refer to Tomacat 10.1 documentation.
If you want to keep the latest release of Tomcat 10.1, add the following attribute to the relevant
<Connector> element in the server.xml file: maxPartCount=-1
For example:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" maxPartCount=-1
secure="true" defaultSSLHostConfigName="<SSLhostconfig>">