[NIFI-9481] Exclude HTTP Site-to-Site Communication from DoS Filter - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.16.0
Component/s: Core Framework, Security
Labels:
None

Description

The Jetty Denial of Service Filter introduced in NiFi 1.12.0 applied rate limiting and processing timeouts to all HTTP requests that NiFi received through Jetty. This approach created potential problems when sending and receiving files using Site-to-Site over HTTP, prompting the introducing of configurable request timeout properties in NiFi 1.14.0.

Although configuring a large request timeout mitigates most issues, HTTP Site-to-Site transmission with high data volumes can make it difficult to select an optimal value for the request timeout property. Excluding specific Site-to-Site HTTP REST resource methods from request timeout filtering avoids potential problems on deployments with large volumes of data or transmission over slow network links.

Attachments

Issue Links

is caused by

NIFI-7153 Limit length of component property values

Resolved

is related to

NIFI-7912 Site-to-Site over HTTP fails for FlowFiles over 100MB

Resolved

links to

GitHub Pull Request #5670

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Dec/21 18:16

Updated:: 19/Jan/22 21:12

Resolved:: 19/Jan/22 21:12

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

50m