More flexible max memory limitation against OutOfMemory. #658

Open
georgeOsdDev opened this issue Nov 27, 2017 · 1 comment

Comments

@georgeOsdDev
Member

@ngocdaothanh
Thanks for #656; it made it possible to prevent a single big-file request.
But there are still some vulnerabilities.
I want to allow users to upload big files and prevent evil requests.
Is there any way to protect the service from these evil scenarios?

  • Evil Scenario 1:
    Many requests, each smaller than maxSizeInMB, at the same time.

xitrum.conf

request {
  maxSizeInMB = 1024
  maxSizeInKBOfUploadMem = 16
}

Using a Content-Type header that is not isAPPLICATION_X_WWW_FORM_URLENCODED_or_MULTIPART_FORM_DATA, with a body of less than 1024 MB, many times at the same time.

# Each request body is 1,000,000,000 bytes (about 954 MB), just under maxSizeInMB = 1024.
# The command string must be quoted when passed to bash -c, otherwise word splitting breaks it.
cmd="printf \"ttt=%01000000000d\" 0 | curl -X POST http://localhost:8000/xxx -H \"Content-Type: application/xml\" -d @-"
bash -c "$cmd" & bash -c "$cmd" & bash -c "$cmd" & bash -c "$cmd" & bash -c "$cmd" & bash -c "$cmd" & bash -c "$cmd" & bash -c "$cmd" &
...
  • Evil Scenario 2:
    Too many small files, each smaller than maxSizeInKBOfUploadMem, in one request.

xitrum.conf (unrealistic values, to make it easier to reproduce)

request {
  maxSizeInMB = 10240
  maxSizeInKBOfUploadMem = 1024000
}
@ngocdaothanh
Member

ngocdaothanh commented Nov 29, 2017

I think the only solution is throttling the traffic, using these:
http://netty.io/4.1/api/io/netty/handler/traffic/package-frame.html

You can customize Xitrum's handlers pipeline to add the handlers above:
https://xitrum-framework.github.io/guide/3.28/html/en/handler.html

If there's a load balancer before Xitrum, maybe you can configure the load balancer to do the traffic throttling.
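The following is an added illustration of the approach suggested above, written for this page and not taken from Xitrum or the linked guide. It shows two Netty handlers that would go at the front of the pipeline: Netty's own GlobalTrafficShapingHandler (which caps aggregate read bandwidth across all channels) and a small connection limiter written here as an assumption, which bounds how many bodies can be in flight at once. The class names ConnectionLimiter, Shaping and ThrottledInitializer, and the limits 200 connections and 50 MB/s, are illustrative choices; wiring the initializer into Xitrum is done as described in the handler guide and is not shown.

```scala
import java.util.concurrent.Executors
import java.util.concurrent.atomic.AtomicInteger

import io.netty.channel.ChannelHandler.Sharable
import io.netty.channel.{ChannelHandlerContext, ChannelInboundHandlerAdapter, ChannelInitializer}
import io.netty.channel.socket.SocketChannel
import io.netty.handler.traffic.GlobalTrafficShapingHandler

// Shared, process-wide traffic shaper (assumed wiring, not Xitrum's code).
object Shaping {
  private val executor = Executors.newScheduledThreadPool(1)

  // writeLimit = 0 (no cap on responses), readLimit = 50 MB/s summed over ALL
  // channels, checkInterval = 1000 ms. Illustrative values; tune per deployment.
  val global: GlobalTrafficShapingHandler =
    new GlobalTrafficShapingHandler(executor, 0L, 50L * 1024 * 1024, 1000L)
}

// Refuses connections beyond maxConnections so that, with maxSizeInMB as the
// per-request cap, the worst-case buffered body bytes are bounded by
// maxConnections x maxSizeInMB instead of growing with attacker concurrency.
@Sharable
class ConnectionLimiter(maxConnections: Int) extends ChannelInboundHandlerAdapter {
  private val active = new AtomicInteger(0)

  override def channelActive(ctx: ChannelHandlerContext): Unit = {
    if (active.incrementAndGet() > maxConnections) {
      // Over budget: close before any body bytes are aggregated into memory.
      ctx.close()
    } else {
      ctx.fireChannelActive()
    }
  }

  override def channelInactive(ctx: ChannelHandlerContext): Unit = {
    // Fires for refused channels too, so the counter stays consistent.
    active.decrementAndGet()
    ctx.fireChannelInactive()
  }
}

// Hypothetical initializer: install the two guards first; the framework's HTTP
// decoder, aggregator and routing handlers would be added after them.
class ThrottledInitializer extends ChannelInitializer[SocketChannel] {
  private val limiter = new ConnectionLimiter(maxConnections = 200)

  override def initChannel(ch: SocketChannel): Unit = {
    val p = ch.pipeline()
    p.addLast("connLimiter", limiter)
    p.addLast("trafficShaper", Shaping.global)
    // ... framework handlers follow here, as described in the handler guide
  }
}
```

Two caveats for practitioners: traffic shaping bounds the rate at which bytes arrive, not how many are held in memory, so it buys time rather than a hard memory ceiling; the hard ceiling comes from the connection cap multiplied by the per-request size limit. This also does nothing for Scenario 2, where one request carries many small parts, since that is a per-request decoder limit rather than a traffic question.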
