shanyingying created RANGER-4420:
------------------------------------
Summary: Fixing the "Slow HTTP Denial of Service (DoS) Attack"
vulnerability for Ranger Admin.
Key: RANGER-4420
URL: https://issues.apache.org/jira/browse/RANGER-4420
Project: Ranger
Issue Type: Improvement
Components: admin, Ranger
Reporter: shanyingying
For Ranger Admin, we detected the vulnerability "Slow HTTP Denial of Service
(DoS) Attack".
This is because the embedded Tomcat code does not set the connectionTimeout
parameter; we can increase the configurable parameter
"ranger.service.http.connector.attrib.connectionTimeout" to repair it.
{code:java}
server.getConnector().setAttribute("connectionTimeout",
    EmbeddedServerUtil.getLongConfig(
        "ranger.service.http.connector.attrib.connectionTimeout", 10000L));
{code}
At the same time, we can modify the value in the "ranger-admin-site.xml"
configuration file, which is set to 10000ms by default.
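
As an added example (not part of the original report and not Ranger code), one way to check that a connection timeout is actually enforced: the probe opens one connection, sends nothing, and times how long the server keeps it open. The local stand-in listener and all function names are assumptions, constructed so the check runs offline; point the probe at the host and port of a Ranger Admin instance you operate to check the real connector.

```python
import socket
import threading
import time


def seconds_until_server_closes(host, port, max_wait):
    """Connect, send nothing, and time how long the idle connection stays open.
    Returns elapsed seconds at close, or None if still open after max_wait."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=max_wait) as sock:
        try:
            while True:
                remaining = max_wait - (time.monotonic() - start)
                if remaining <= 0:
                    return None
                sock.settimeout(remaining)
                if sock.recv(4096) == b"":  # EOF: server dropped the idle client
                    return time.monotonic() - start
        except socket.timeout:
            return None  # no timeout enforced within max_wait
        except ConnectionResetError:
            return time.monotonic() - start


def start_stand_in_server(idle_timeout):
    """Constructed local listener standing in for the admin connector: drops a
    client that sends nothing within idle_timeout seconds (None = wait forever)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen()
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        conn.settimeout(idle_timeout)
        try:
            conn.recv(4096)
        except (socket.timeout, OSError):
            pass
        conn.close()
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(seconds_until_server_closes("127.0.0.1", start_stand_in_server(1.0), 3.0))
```

A result close to the configured timeout (10 seconds for the 10000 ms default mentioned above) indicates the setting took effect; `None` means the connection was still open when the probe gave up.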