From bd593ddbe67715534b404f3138298ab1232490f5 Mon Sep 17 00:00:00 2001
From: Erno Kuvaja
Date: Thu, 6 Aug 2015 16:33:07 +0000
Subject: [PATCH] Setting default max_request_id_length to 64
Setting sensible maximum size for Request ID. 64 should be enough for normal use cases but limited enough from current 16384 to not flood the logs by malicious requests.
DocImpact
SecurityImpact
Related-to-bug: #1482301
Change-Id: I52ebf810f4699826baa2bdf91d28e24d902cf950
---
 doc/source/configuring.rst | 2 +-
 glance/api/middleware/context.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/source/configuring.rst b/doc/source/configuring.rst
index 9a93f9f291..3a0639d00b 100644
--- a/doc/source/configuring.rst
+++ b/doc/source/configuring.rst
@@ -197,7 +197,7 @@ Optional. Default: The number of CPUs available will be used by default.
 Limits the maximum size of the x-openstack-request-id header which is logged. Affects only if context middleware is configured in pipeline.
-Optional. Default: ``0`` (Limited by max_header_line default: 16384)
+Optional. Default: ``64`` (Limited by max_header_line default: 16384)
 Configuring SSL Support
 ~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/glance/api/middleware/context.py b/glance/api/middleware/context.py
index b53e4f6e46..5369fda4fd 100644
--- a/glance/api/middleware/context.py
+++ b/glance/api/middleware/context.py
@@ -38,7 +38,7 @@ context_opts = [
 help=_('Allow unauthenticated users to access the API with '
 'read-only privileges. This only applies when using '
 'ContextMiddleware.')),
- cfg.IntOpt('max_request_id_length', default=0,
+ cfg.IntOpt('max_request_id_length', default=64,
 help=_('Limits request ID length.')),
 ]
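Review bot: The help string on `max_request_id_length` in glance/api/middleware/context.py still reads only 'Limits request ID length.', so the option itself does not say which header it bounds, what happens to a longer value, or whether the previous default `0` still means "no limit beyond max_header_line". Because the new default changes behaviour on upgrade and the commit is tagged SecurityImpact, I would reuse the documentation wording, e.g. `help=_('Limits the maximum size of the x-openstack-request-id header which is logged.')`, and spell out the meaning of `0` once confirmed. The parenthetical "(Limited by max_header_line default: 16384)" kept next to the new default in configuring.rst now reads as if 16384 were still the effective cap and could be reworded. If the oslo.config version in use supports it, `min=0` on the IntOpt would reject a negative value at load time. The code that enforces the limit is outside this hunk (the `context_opts` list also starts before it), so how `0` and negative values are handled should be checked there.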