You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/01/19 21:13:00 UTC

[jira] [Commented] (NIFI-9481) Exclude HTTP Site-to-Site Communication from DoS Filter

    [ https://issues.apache.org/jira/browse/NIFI-9481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17478989#comment-17478989 ] 

ASF subversion and git services commented on NIFI-9481:
-------------------------------------------------------

Commit fc27b3138bba69c52d3c7e4158c77a265410981f in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=fc27b31 ]

NIFI-9481 Excluded Data Transfer REST methods from DoSFilter

- Added DataTransferDoSFilter with request URI evaluation
- Added RequestFilterProvider and implementations to abstract Jetty Filter configuration

Signed-off-by: Joe Gresock <jg...@gmail.com>

This closes #5670.


> Exclude HTTP Site-to-Site Communication from DoS Filter
> -------------------------------------------------------
>
>                 Key: NIFI-9481
>                 URL: https://issues.apache.org/jira/browse/NIFI-9481
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Security
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The Jetty Denial of Service Filter introduced in NiFi 1.12.0 applied rate limiting and processing timeouts to all HTTP requests that NiFi received through Jetty. This approach created potential problems when sending and receiving files using Site-to-Site over HTTP, prompting the introducing of configurable request timeout properties in NiFi 1.14.0.
> Although configuring a large request timeout mitigates most issues, HTTP Site-to-Site transmission with high data volumes can make it difficult to select an optimal value for the request timeout property. Excluding specific Site-to-Site HTTP REST resource methods from request timeout filtering avoids potential problems on deployments with large volumes of data or transmission over slow network links.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)