Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/09/22 13:25:00 UTC

[jira] [Work logged] (KNOX-2806) Implement a new DoS security provider

     [ https://issues.apache.org/jira/browse/KNOX-2806?focusedWorklogId=811228&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-811228 ]

ASF GitHub Bot logged work on KNOX-2806:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 22/Sep/22 13:24
            Start Date: 22/Sep/22 13:24
    Worklog Time Spent: 10m 
      Work Description: MrtnBalazs opened a new pull request, #634:
URL: https://github.com/apache/knox/pull/634

   ## What changes were proposed in this pull request?
   
   (Please fill in changes proposed in this fix)
   
   ## How was this patch tested?
   
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 811228)
    Remaining Estimate: 0h
            Time Spent: 10m

> Implement a new DoS security provider
> -------------------------------------
>
>                 Key: KNOX-2806
>                 URL: https://issues.apache.org/jira/browse/KNOX-2806
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Balazs Marton
>            Priority: Major
>             Fix For: 2.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There is a need to implement a mechanism that prevents Knox from being attacked using DoS (Denial of Service).
> One elegant way is to reuse Jetty's own DoS filter in a way such that it can be configured as a new security provider:
>  * Maven project name: {{gateway-provider-security-dos}}
>  * Provider role: {{dos}}
>  * Provider name: {{JettyDoS}}
> In case someone wants to use this new feature, the new provider declaration has to be added to the top of the providers (it must be documented). When this provider is present in the topology, Jetty's DoSFilter has to be contributed to the filter chain. That is, a new {{ProviderDeploymentContributor}} should be implemented that inserts the {{org.eclipse.jetty.servlets.DoSFilter}} into each resource that is available in the topology.
> References:
>  * [https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
>  * [https://archive.eclipse.org/jetty/9.0.0.RC0/apidocs/org/eclipse/jetty/servlets/DoSFilter.html]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)