OpenStack Identity (Keystone)

block really large requests

Reported by Dan Prince on 2013-01-13
This bug affects 1 person
Affects: Keystone
Importance: High
Assigned to: Dan Prince

Bug Description

There is no reason keystone needs to accept really large HTTP requests. We should block them globally for security.

Dan Prince (dan-prince) on 2013-01-13
Changed in keystone:
assignee: nobody → Dan Prince (dan-prince)
importance: Undecided → High
status: New → In Progress

Reviewed: https://review.openstack.org/19567
Committed: http://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
Submitter: Jenkins
Branch: master

commit 7691276b869a86c2b75631d5bede9f61e030d9d8
Author: Dan Prince <email address hidden>
Date: Sat Jan 12 22:22:42 2013 -0500

    Limit the size of HTTP requests.

    Adds a new RequestBodySizeLimiter middleware to guard against
    really large HTTP requests. The default max request size is 112k
    although this limit is configurable via the 'max_request_body_size'
    config parameter.

    Fixes LP Bug #1099025.

    Change-Id: Id51be3d9a0d829d63d55a92dca61a39a17629785

Changed in keystone:
status: In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-02-21
Changed in keystone:
milestone: none → grizzly-3
status: Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-04-04
Changed in keystone:
milestone: grizzly-3 → 2013.1
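
The commit message above describes a middleware that caps the HTTP request body size. As an added illustration (not Keystone's code and not the code from the linked commit), here is a stdlib-only WSGI limiter that rejects on the declared Content-Length and also counts the bytes actually read; the names `SizeLimitMiddleware`, `LimitedReader`, `reject` and `status_for`, and the reading of "112k" as 112 * 1024 bytes, are assumptions.

```python
import io

MAX_REQUEST_BODY_SIZE = 112 * 1024  # assumption: the page's "112k" read as KiB

class BodyTooLarge(Exception):
    """More body bytes were read than the limit allows."""

class LimitedReader:  # wraps wsgi.input; catches chunked or understated bodies
    def __init__(self, stream, limit):
        self._stream, self._limit, self._seen = stream, limit, 0
    def read(self, size=-1):
        allowed = self._limit - self._seen + 1  # never pull more than limit + 1
        if size is None or size < 0 or size > allowed:
            size = allowed
        data = self._stream.read(size)
        self._seen += len(data)
        if self._seen > self._limit:
            raise BodyTooLarge()
        return data

def reject(start_response, status):
    start_response(status, [("Content-Length", "0")])
    return [b""]

class SizeLimitMiddleware:  # hypothetical name, not Keystone's class
    def __init__(self, app, max_size=MAX_REQUEST_BODY_SIZE):
        self.app, self.max_size = app, max_size
    def __call__(self, environ, start_response):
        try:
            declared = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            return reject(start_response, "400 Bad Request")
        if declared > self.max_size:  # cheap check before any body is read
            return reject(start_response, "413 Request Entity Too Large")
        environ["wsgi.input"] = LimitedReader(environ["wsgi.input"], self.max_size)
        try:
            return self.app(environ, start_response)
        except BodyTooLarge:  # app read past the limit before responding
            return reject(start_response, "413 Request Entity Too Large")

def status_for(body, declared=None, max_size=MAX_REQUEST_BODY_SIZE):
    """Constructed harness: echo app behind the limiter; returns the status."""
    def echo(environ, start_response):
        data = environ["wsgi.input"].read()
        start_response("200 OK", [])
        return [data]
    seen = []
    environ = {"wsgi.input": io.BytesIO(body), "CONTENT_LENGTH": declared}
    SizeLimitMiddleware(echo, max_size)(environ, lambda s, h, e=None: seen.append(s))
    return seen[-1]
```

The header check alone is not enough: a body sent with a missing or understated Content-Length is only stopped by the counting reader.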