[
https://issues.apache.org/jira/browse/RANGER-4420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
shanyingying updated RANGER-4420:
---------------------------------
Attachment: RANGER-4420.patch
> Fixing the "Slow HTTP Denial of Service (DoS) Attack" vulnerability for
> Ranger Admin.
> -------------------------------------------------------------------------------------
>
> Key: RANGER-4420
> URL: https://issues.apache.org/jira/browse/RANGER-4420
> Project: Ranger
> Issue Type: Improvement
> Components: admin, Ranger
> Reporter: shanyingying
> Priority: Major
> Attachments: RANGER-4420.patch
>
>
> For Ranger Admin, we detected the vulnerability "Slow HTTP Denial of Service
> (DoS) Attack".
> This is because the embedded Tomcat code does not set the connectionTimeout
> parameter; we can increase the configurable parameter
> "ranger.service.http.connector.attrib.connectionTimeout" to repair it.
> {code:java}
> server.getConnector().setAttribute("connectionTimeout",
>     EmbeddedServerUtil.getLongConfig("ranger.service.http.connector.attrib.connectionTimeout", 10000L));
> {code}
> At the same time, we can modify the value in the
> "ranger-admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-site.xml"
> configuration file, which is set to 10000ms by default.
> {code:xml}
> <property>
>   <name>ranger.service.http.connector.attrib.connectionTimeout</name>
>   <value>10000</value>
> </property>
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
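
An added example (not from the Jira issue or the Ranger code base): a Python audit that reads a ranger-admin-site.xml-style file and reports whether the connector timeout property named in the issue is present and bounded. The sample XML strings are constructed, and the `max_ms` policy ceiling, the status names and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

PROP = "ranger.service.http.connector.attrib.connectionTimeout"

# Constructed sample files in the <configuration>/<property> layout.
SAMPLE_PATCHED = """<configuration>
  <property>
    <name>ranger.service.http.connector.attrib.connectionTimeout</name>
    <value>10000</value>
  </property>
</configuration>"""
SAMPLE_UNSET = """<configuration>
  <property><name>ranger.service.http.port</name><value>6080</value></property>
</configuration>"""
SAMPLE_INFINITE = SAMPLE_PATCHED.replace("10000", "-1")


def audit_connection_timeout(site_xml, max_ms=10000):
    """Return (status, detail) for the connector timeout in a site XML string.

    max_ms is an assumed local policy ceiling; it defaults to the 10000 ms
    default used in the issue's patch.
    """
    root = ET.fromstring(site_xml)
    value = None
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == PROP:
            value = (prop.findtext("value") or "").strip()  # keep the last occurrence
    if value is None:
        return ("MISSING", "property not set; timeout is left to the code default")
    try:
        ms = int(value)
    except ValueError:
        return ("INVALID", f"non-numeric value {value!r}")
    if ms <= 0:
        # Tomcat documents -1 as "no timeout"; this audit treats any
        # non-positive value as unbounded.
        return ("UNBOUNDED", f"{ms} is not a positive timeout")
    if ms > max_ms:
        return ("TOO_LONG", f"{ms} ms exceeds policy ceiling of {max_ms} ms")
    return ("OK", f"{ms} ms")


if __name__ == "__main__":
    for label, xml_text in [("patched", SAMPLE_PATCHED), ("unset", SAMPLE_UNSET),
                            ("infinite", SAMPLE_INFINITE)]:
        print(label, audit_connection_timeout(xml_text))
```
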