s3api: Make allowable clock skew configurable
While we're at it, make the default match AWS's 15 minute limit (instead
of our old 5 minute limit).
UpgradeImpact
=============
This (somewhat) weakens some security protections for requests over the
S3 API; operators may want to preserve the prior behavior by setting
allowable_clock_skew = 300
in the [filter:s3api] section of their proxy-server.conf
Co-Authored-By: Alistair Coles <alistairncoles@gmail.com>
Change-Id: I0da777fcccf056e537b48af4d3277835b265d5c9
This commit is contained in:
Tim Burke
committed by
Alistair Coles
Alistair Coles
parent
83233e7b36
commit
10d9a737d8
@@ -613,6 +613,10 @@ use = egg:swift#s3api
|
||||
# AWS S3 document says that each part must be at least 5 MB in a multipart
|
||||
# upload, except the last part.
|
||||
# min_segment_size = 5242880
|
||||
#
|
||||
# AWS allows clock skew up to 15 mins; note that older versions of swift/swift3
|
||||
# allowed at most 5 mins.
|
||||
# allowable_clock_skew = 900
|
||||
|
||||
# You can override the default log routing for this filter here:
|
||||
# log_name = s3api
|
||||
|
||||
Reference in New Issue
Block a user