shanyingying created RANGER-4420:
------------------------------------

Summary: Fixing the "Slow HTTP Denial of Service (DoS) Attack" vulnerability for Ranger Admin.
Key: RANGER-4420
URL: https://issues.apache.org/jira/browse/RANGER-4420
Project: Ranger
Issue Type: Improvement
Components: admin, Ranger
Reporter: shanyingying

For Ranger Admin, we detected the vulnerability "Slow HTTP Denial of Service (DoS) Attack". This is because the embedded Tomcat code does not set the connectionTimeout parameter; we can add the configurable parameter "ranger.service.http.connector.attrib.connectionTimeout" to fix it.

{code:java}
server.getConnector().setAttribute("connectionTimeout",
    EmbeddedServerUtil.getLongConfig("ranger.service.http.connector.attrib.connectionTimeout", 10000L));
{code}

At the same time, we can modify the value in the "ranger-admin-site.xml" configuration file, which is set to 10000ms by default.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
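
A check for the setting described in the message above, as an added example that is not part of the original issue or of the Ranger code base: it parses a Hadoop-style `ranger-admin-site.xml` and reports whether the connection timeout is unset, non-numeric, non-positive or above a ceiling. The sample XML, the `example.other.property` entry, the function names and the 20000 ms ceiling are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Property name and the 10000 ms code default come from the issue text above.
PROP = "ranger.service.http.connector.attrib.connectionTimeout"
CODE_DEFAULT_MS = 10000
# Assumed policy ceiling for this example; not a Ranger or Tomcat value.
CEILING_MS = 20000


def load_properties(xml_text):
    """Return {name: value} from a Hadoop-style <configuration> document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            # If a name is repeated, this example keeps the last value seen.
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_connection_timeout(xml_text, ceiling_ms=CEILING_MS):
    """Return (status, effective_ms) for the connector timeout setting."""
    raw = load_properties(xml_text).get(PROP)
    if raw is None:
        return ("unset-code-default", CODE_DEFAULT_MS)
    try:
        value = int(raw)
    except ValueError:
        return ("invalid", None)
    if value <= 0:
        # No positive bound on how long a stalled connection may be held.
        return ("no-timeout", value)
    if value > ceiling_ms:
        return ("above-ceiling", value)
    return ("ok", value)


def sample_site_xml(value=None):
    """Build a constructed ranger-admin-site.xml; value=None omits the property."""
    other = "<property><name>example.other.property</name><value>1</value></property>"
    ours = "" if value is None else (
        f"<property><name>{PROP}</name><value>{value}</value></property>")
    return f"<configuration>{other}{ours}</configuration>"


if __name__ == "__main__":
    for v in (None, "10000", "-1", "600000", "10s"):
        print(repr(v), "->", audit_connection_timeout(sample_site_xml(v)))
```
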