yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1481048] [NEW] Sample httpd config should have LimitRequestBody

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brant Knudson <bknudson@xxxxxxxxxx>
Date: Mon, 03 Aug 2015 18:37:59 -0000
Reply-to: Bug 1481048 <1481048@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:


Apache Httpd provides a well-tested way to limit the size of the request body via the LimitRequestBody directive, see http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody . This is an important option for a secure deployment since it prevents clients from crashing the server by sending large requests, causing a DoS. As such, keystone's sample httpd file should specify LimitRequestBody so that deployers know to set it.

** Affects: keystone
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1481048

Title:
  Sample httpd config should have LimitRequestBody

Status in Keystone:
  In Progress

Bug description:
  
  Apache Httpd provides a well-tested way to limit the size of the request body via the LimitRequestBody directive, see http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody . This is an important option for a secure deployment since it prevents clients from crashing the server by sending large requests, causing a DoS. As such, keystone's sample httpd file should specify LimitRequestBody so that deployers know to set it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1481048/+subscriptions

Follow ups

[Bug 1481048] Re: Sample httpd config should have LimitRequestBody
From: Doug Hellmann, 2015-12-04