yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1481048] Re: Sample httpd config should have LimitRequestBody

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Doug Hellmann <doug@xxxxxxxxxxxxxxxx>
Date: Thu, 03 Dec 2015 20:57:36 -0000
Reply-to: Bug 1481048 <1481048@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1481048

Title:
  Sample httpd config should have LimitRequestBody

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  
  Apache Httpd provides a well-tested way to limit the size of the request body via the LimitRequestBody directive, see http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody . This is an important option for a secure deployment since it prevents clients from crashing the server by sending large requests, causing a DoS. As such, keystone's sample httpd file should specify LimitRequestBody so that deployers know to set it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1481048/+subscriptions

References

[Bug 1481048] [NEW] Sample httpd config should have LimitRequestBody
From: Brant Knudson, 2015-08-03