openstack/keystone
Code Issues Proposed changes

Add LimitRequestBody to sample httpd config

Browse Source 
Web servers that are exposed to the Internet eventually gain a
security feature of limiting the amount of data in the request
body. In Apache Httpd, this is provided by the LimitRequestBody
directive. This is added to the sample Httpd config file.

The limit is set for only the keystone services so it won't
affect other services running in Httpd.

The value of 114688 was picked because it's the current limit
on request body that oslo.middleware's sizelimit function puts
on requests to keystone.

Use of oslo.middleware's sizelimit re-implementation can be
deprecated.

Docs:
- http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody

ReleaseNotesImpact

Closes-Bug: 1481048
Change-Id: I5509e4b65900c15dd0b5fda43b1d5bb4dc3ff5ff
This commit is contained in:
Brant Knudson 2015-08-02 09:33:01 -05:00
parent 6073ccb512
commit f5e256b422
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
httpd/wsgi-keystone.conf
View File

@ -7,6 +7,7 @@ Listen 35357
WSGIScriptAlias / /usr/local/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
@ -30,6 +31,7 @@ Listen 35357
WSGIScriptAlias / /usr/local/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>