Reject overly-taxing ranged-GET requests
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openstack-api-site | Fix Released | Medium | Diane Fleming | mitaka
Bug Description
https:/
commit 4d23a0fcf5faa63
Author: Samuel Merritt <email address hidden>
Date: Thu Aug 28 09:39:38 2014 -0800
Reject overly-taxing ranged-GET requests
RFC 7233 says that servers MAY reject egregious range-GET requests
such as requests with hundreds of ranges, requests with non-ascending
ranges, and so on.
Such requests are fairly hard for Swift to process. Consider a Range
header that asks for the first byte of every 10th MiB in a 4 GiB
object, but in some random order. That'll cause a lot of seeks on the
object server, but the corresponding response body is quite small in
comparison to the workload.
This commit makes Swift reject, with a 416 response, any ranged GET
request with more than fifty ranges, more than three overlapping
ranges, or more than eight non-increasing ranges.
This is a necessary prerequisite for supporting multi-range GETs on
large objects. Otherwise, a malicious user could construct a Range
header with hundreds of byte ranges where each individual byterange
requires the proxy to contact a different object server. If seeking
all over a disk is bad, connecting all over the cluster is way worse.
DocImpact
Change-Id: I4dcedcaae6c3de
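As an added illustration of the policy the commit message describes (example code written for this page, not Swift's implementation; the thresholds of 50 ranges, 3 overlapping and 8 non-increasing ranges come from the commit message, while the exact rules for counting "overlapping" and "non-increasing", the helper names, and the sample headers are this example's own assumptions), the following parses a `Range` header, classifies its ranges, and decides whether a server following this policy would answer 206 or 416. It also builds the seek-storm header from the commit message (first byte of every 10th MiB of a 4 GiB object, in random order) to show it being refused:

```python
import random
import re

# Thresholds quoted from the commit message above. The counting rules below
# are this example's own reading of "overlapping" and "non-increasing",
# not necessarily how Swift implements them.
MAX_RANGES = 50
MAX_OVERLAPPING = 3
MAX_NONINCREASING = 8

_BYTE_RANGE_SPEC = re.compile(r'^(\d*)-(\d*)$')


def parse_range_header(value, object_length):
    """Resolve a 'bytes=' Range header to absolute, inclusive (start, end) pairs.

    Returns None for a syntactically invalid header (a server then ignores the
    Range header and serves the whole object, per RFC 7233 section 3.1).
    Individual ranges that are unsatisfiable for this object_length are dropped.
    """
    if not value.startswith('bytes='):
        return None
    ranges = []
    for spec in value[len('bytes='):].split(','):
        m = _BYTE_RANGE_SPEC.match(spec.strip())
        if not m:
            return None
        first, last = m.groups()
        if first == '' and last == '':
            return None
        if first == '':
            # suffix-byte-range-spec: the last N bytes of the object
            n = int(last)
            if n == 0:
                continue
            ranges.append((max(object_length - n, 0), object_length - 1))
            continue
        start = int(first)
        end = object_length - 1 if last == '' else int(last)
        if end < start:
            return None          # first-byte-pos > last-byte-pos is a syntax error
        if start >= object_length:
            continue             # unsatisfiable for this object; drop it
        ranges.append((start, min(end, object_length - 1)))
    return ranges


def classify_ranges(ranges):
    """Return (count, overlapping, nonincreasing) for a list of (start, end) pairs.

    overlapping:   ranges that intersect at least one earlier range (header order)
    nonincreasing: ranges whose start does not advance past the previous start
    """
    overlapping = nonincreasing = 0
    prev_start = -1
    seen = []
    for start, end in ranges:
        if any(start <= e and s <= end for s, e in seen):
            overlapping += 1
        if start <= prev_start:
            nonincreasing += 1
        seen.append((start, end))
        prev_start = start
    return len(ranges), overlapping, nonincreasing


def should_reject_with_416(ranges):
    """Apply the policy: too many ranges, or too many overlapping / non-increasing ones."""
    if len(ranges) > MAX_RANGES:
        return True  # cheap check first, so a huge header never reaches the O(n^2) scan
    _, overlapping, nonincreasing = classify_ranges(ranges)
    return overlapping > MAX_OVERLAPPING or nonincreasing > MAX_NONINCREASING


def seek_storm_header(object_length=4 * 2 ** 30, stride=10 * 2 ** 20, seed=0):
    """Constructed attack input from the commit message: the first byte of every
    10th MiB of a 4 GiB object, in random order (410 single-byte ranges)."""
    starts = list(range(0, object_length, stride))
    random.Random(seed).shuffle(starts)
    return 'bytes=' + ','.join('%d-%d' % (s, s) for s in starts)


def decide(header, object_length):
    """Return the status a server following this policy would use: 206, 416 or 200."""
    ranges = parse_range_header(header, object_length)
    if ranges is None:
        return 200   # invalid header: ignore Range, serve the whole object
    if not ranges:
        return 416   # no satisfiable range at all
    return 416 if should_reject_with_416(ranges) else 206


if __name__ == '__main__':
    print(decide('bytes=0-99,200-299', 1000))        # ordinary two-range request
    print(decide(seek_storm_header(), 4 * 2 ** 30))    # the commit's seek storm
```

The order of checks matters in practice: the range count is tested before the pairwise overlap scan, so a header with thousands of ranges is refused in O(n) rather than making the server do quadratic work just to decide it should not do any work.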
no longer affects: openstack-manuals
Changed in openstack-api-site:
status: New → Confirmed
importance: Undecided → Medium
Changed in openstack-api-site:
assignee: nobody → Diane Fleming (diane-fleming)
milestone: none → mitaka
This seems to be a "Range" issue. developer.openstack.org/api-ref-objectstorage-v1.html#getObject
And this is not a problem for the usual case.
The problematic case is overlapping ranges (to attack data transfer).
So I think there is no need to write it down.
If it still needs a description, it needs a note on Range.
http://