security-doc/security-notes/OSSN-0002
Luke Hinds 1bf55f1eb0 Added Authors to Security Notes
All OSSN authors, added under the "Author:" metadata field

Change-Id: I81771dd3ec8d2c133ebc6ddf9f2c5f0f958d603a
Closes-Bug: #1599064
2016-07-11 10:51:07 +00:00

38 lines
1.5 KiB
Plaintext

HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS
---
### Summary ###
Concurrent Keystone POST requests with large body messages are held in memory
without filtering or rate limiting, this can lead to resource exhaustion on the
Keystone server.
### Affected Services / Software ###
Keystone, Databases
### Discussion ###
Keystone stores POST messages in memory before validation, concurrent
submission of multiple large POST messages can cause the Keystone process to be
killed due to memory exhaustion, resulting in a remote Denial of Service.
In many cases Keystone will be deployed behind a load-balancer or proxy that
can rate limit POST messages inbound to Keystone. Grizzly is protected
against that through the sizelimit middleware.
### Recommended Actions ###
If you are in a situation where Keystone is directly exposed to incoming POST
messages and not protected by the sizelimit middleware there are a number of
load-balancing/proxy options, we suggest you consider one of the following:
Nginx: Open-source, high-performance HTTP server and reverse proxy.
Nginx Config: http://wiki.nginx.org/HttpCoreModule#client_max_body_size
Apache: HTTP Server Project
Apache Config: http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody
### Contacts / References ###
Author: Robert Clark, HP
This OSSN Bug: https://bugs.launchpad.net/ossn/+bug/1155566
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1098177
OpenStack Security ML : openstack-security@lists.openstack.org
OpenStack Security Group : https://launchpad.net/~openstack-ossg