thenatog commented on a change in pull request #4972: URL: https://github.com/apache/nifi/pull/4972#discussion_r608078390
########## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java ########## @@ -715,20 +717,40 @@ private static int determineMaxWebRequestsPerSecond(NiFiProperties props) { return configuredMaxRequestsPerSecond > 0 ? configuredMaxRequestsPerSecond : defaultMaxRequestsPerSecond; } + private static long determineRequestTimeoutInMilliseconds(NiFiProperties props) { + long defaultRequestTimeout = Math.round(FormatUtils.getPreciseTimeDuration(NiFiProperties.DEFAULT_WEB_REQUEST_TIMEOUT, TimeUnit.MILLISECONDS)); + long configuredRequestTimeout = 0L; + try { + configuredRequestTimeout = Math.round(FormatUtils.getPreciseTimeDuration(props.getWebRequestTimeout(), TimeUnit.MILLISECONDS)); + } catch (final NumberFormatException e) { + logger.warn("Exception parsing property " + NiFiProperties.WEB_REQUEST_TIMEOUT + "; using default value: " + defaultRequestTimeout); + } + + return configuredRequestTimeout > 0 ? configuredRequestTimeout : defaultRequestTimeout; + } + /** * Adds the {@link org.eclipse.jetty.servlets.DoSFilter} to the specified context and path. Limits incoming web requests to {@code maxWebRequestsPerSecond} per second. * * @param path the path to apply this filter * @param webAppContext the context to apply this filter * @param maxWebRequestsPerSecond the maximum number of allowed requests per second */ - private static void addWebRequestRateLimitingFilter(String path, WebAppContext webAppContext, int maxWebRequestsPerSecond) { + private static void addWebRequestRateLimitingFilter(String path, WebAppContext webAppContext, int maxWebRequestsPerSecond, long requestTimeoutInMilliseconds, final String ipWhitelist) { FilterHolder holder = new FilterHolder(DoSFilter.class); holder.setInitParameters(new HashMap<String, String>() {{ put("maxRequestsPerSec", String.valueOf(maxWebRequestsPerSecond)); + put("maxRequestMs", String.valueOf(requestTimeoutInMilliseconds)); + put("ipWhitelist", String.valueOf(ipWhitelist)); }}); holder.setName(DoSFilter.class.getSimpleName()); - logger.debug("Adding DoSFilter to context at path: " + path + " with max req/sec: " + maxWebRequestsPerSecond); + + String ipWhitelistLoggable = ipWhitelist; + if(ipWhitelist == null) { + ipWhitelistLoggable = "none"; + } + logger.info("Adding DoSFilter to context at path: {} with max req/sec: {}, request timeout: {} ms. Whitelisted IPs not subject to filter: {}", + path, maxWebRequestsPerSecond, requestTimeoutInMilliseconds, ipWhitelistLoggable); Review comment: Ah great, I briefly looked for a way to do this. Thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org