ratelimit doesn't filter requests very well
Bug #1669888 reported by John Dickinson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Object Storage (swift) | Fix Released | Low | Unassigned | |
Bug Description
The ratelimit middleware attempts to rate limit a request if the request path has at least 4 elements delineated by a '/'. It attempts to do account HEAD requests to the second element.
If the ratelimit middleware is placed before pipeline elements that mutate the path (e.g. swift3, domain_remap), then the ratelimit middleware ends up generating a lot of spurious subrequests that will fail.
At a minimum, we should better document what ratelimit is looking for and/or where it should be in the pipeline. We should also probably filter the first element of split_path() in ratelimit to look for valid swift api versions (swift.conf 'valid_
tags: added: low-hanging-fruit
Changed in swift: importance: Undecided → Low
Changed in swift: status: New → Confirmed
Reviewed: https://review.openstack.org/540092
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=6994a2e392be4096beb49bd33e1a507dd04d491e
Submitter: Zuul
Branch: master
commit 6994a2e392be4096beb49bd33e1a507dd04d491e
Author: Samuel Merritt <email address hidden>
Date: Wed Jan 31 17:05:28 2018 -0800
ratelimit: ignore requests with invalid API versions
If you've got things like domain_remap, swift3, or other such
middlewares in your pipeline, you wind up with requests that aren't of
the form "/v1/<account>/<container>/<object>". When encountering such
an oddball request, it's not useful to call get_account_info() on the
second path component since it's probably not an account.
This commit makes the ratelimit middleware skip requests that don't
start with either "/v1" or "/v1.0". The requests will still be
handled, but they won't be rate-limited.
Change-Id: I9980cd0e902610ac99d13a502ae955bca2d99df3
Closes-Bug: 1669888
Closes-Bug: 1695273
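
The following is an added illustration, not part of the bug report or the commit and not Swift's own code. It models which path component would be treated as an account before and after the version check described above. The function names, the sample paths and the simplified path split (which ignores the exact component-count threshold) are assumptions.

```python
# Added illustration, not Swift's implementation; all names are hypothetical.
VALID_API_VERSIONS = ("v1", "v1.0")  # the two prefixes the commit message names


def account_candidate(path, check_version):
    """Return the path component ratelimit would treat as the account.

    check_version=False models the behaviour in the bug description: the
    second component is looked up no matter what the first one is.
    check_version=True models the fix: paths whose first component is not
    a valid API version are passed through without rate limiting.
    """
    parts = path.lstrip("/").split("/", 3)   # version, account, container, object
    if len(parts) < 2 or not parts[1]:
        return None                          # nothing that could be an account
    if check_version and parts[0] not in VALID_API_VERSIONS:
        return None                          # skipped: handled, not rate-limited
    return parts[1]


# Constructed sample paths, as ratelimit would see them when it sits in front
# of a path-mutating middleware.
SAMPLE_PATHS = [
    "/v1/AUTH_test/photos/cat.jpg",    # native Swift API request
    "/v1.0/AUTH_test/photos",          # native, alternate version string
    "/my-bucket/2018/01/report.csv",   # S3-style path before swift3 rewrites it
    "/albums/2017/cat.jpg",            # path before domain_remap rewrites it
    "/info",                           # single component
]


def lookups(check_version):
    """Map each sample path to the account name that would be looked up."""
    return {p: account_candidate(p, check_version) for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for label, flag in (("before fix", False), ("after fix", True)):
        print(label)
        for path, acct in lookups(flag).items():
            print(f"  {path:32} -> {acct or 'not rate-limited'}")
```

In the pre-fix model the S3-style and domain_remap-style paths yield "2018" and "2017" as account names, which is the source of the spurious failing subrequests; with the check enabled only the two native paths produce a lookup.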