You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/07/14 17:43:00 UTC

[jira] [Commented] (NIFI-7304) Default value for content length filter blocks Site to Site communication

    [ https://issues.apache.org/jira/browse/NIFI-7304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17157542#comment-17157542 ] 

ASF subversion and git services commented on NIFI-7304:
-------------------------------------------------------

Commit dbee774c5b95121b2d89621fc66f8a215c15ad7c in nifi's branch refs/heads/main from Andy LoPresto
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=dbee774 ]

NIFI-7304 Removed default value for nifi.web.max.content.size.
Added Bundle#toString() method.
Refactored implementation of filter addition logic.
Added logging.
Added unit tests to check for filter enablement.
Introduced content-length exception handling in StandardPublicPort.
Added filter bypass functionality for framework requests in ContentLengthFilter.
Updated property documentation in Admin Guide.
Renamed methods & added Javadoc to clarify purpose of filters in JettyServer.
Cleaned up conditional logic in StandardPublicPort.
Moved ContentLengthFilterTest to correct module.
Refactored unit tests for accuracy and clarity.
Fixed remaining merge conflict due to method renaming.

Signed-off-by: Joe Witt <jo...@gmail.com>


> Default value for content length filter blocks Site to Site communication
> -------------------------------------------------------------------------
>
>                 Key: NIFI-7304
>                 URL: https://issues.apache.org/jira/browse/NIFI-7304
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.12.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Blocker
>              Labels: cluster, filter, http, replication, security, site-to-site
>             Fix For: 1.12.0
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> When the content-length filter was introduced in NIFI-7153, it did not separate Site to Site (S2S) or cluster request replication requests from user-generated requests. With the default value of 20 MB, it is very likely that legitimate requests of this nature will be unexpectedly blocked. 
> The immediate fix is to change the default value in {{nifi.properties}} to empty and only enable this functionality when a value is provided. 
> A subtask will be opened to investigate if these requests should be excluded from the length limiting filter (either by convention or via an admin-enumerated exclusion list/setting). 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)