[GitHub] [nifi] thenatog commented on a change in pull request #4972: NIFI-7912 - Added a Denial of Service filter wrapper called NiFiDoSFi…

Tue, 06 Apr 2021 11:16:49 -0700 


thenatog commented on a change in pull request #4972:
URL: https://github.com/apache/nifi/pull/4972#discussion_r608078390



##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
##########
@@ -715,20 +717,40 @@ private static int 
determineMaxWebRequestsPerSecond(NiFiProperties props) {
         return configuredMaxRequestsPerSecond > 0 ? 
configuredMaxRequestsPerSecond : defaultMaxRequestsPerSecond;
     }
 
+    private static long determineRequestTimeoutInMilliseconds(NiFiProperties 
props) {
+        long defaultRequestTimeout = 
Math.round(FormatUtils.getPreciseTimeDuration(NiFiProperties.DEFAULT_WEB_REQUEST_TIMEOUT,
 TimeUnit.MILLISECONDS));
+        long configuredRequestTimeout = 0L;
+        try {
+            configuredRequestTimeout = 
Math.round(FormatUtils.getPreciseTimeDuration(props.getWebRequestTimeout(), 
TimeUnit.MILLISECONDS));
+        } catch (final NumberFormatException e) {
+            logger.warn("Exception parsing property " + 
NiFiProperties.WEB_REQUEST_TIMEOUT + "; using default value: " + 
defaultRequestTimeout);
+        }
+
+        return configuredRequestTimeout > 0 ? configuredRequestTimeout : 
defaultRequestTimeout;
+    }
+
     /**
      * Adds the {@link org.eclipse.jetty.servlets.DoSFilter} to the specified 
context and path. Limits incoming web requests to {@code 
maxWebRequestsPerSecond} per second.
      *
      * @param path the path to apply this filter
      * @param webAppContext the context to apply this filter
      * @param maxWebRequestsPerSecond the maximum number of allowed requests 
per second
      */
-    private static void addWebRequestRateLimitingFilter(String path, 
WebAppContext webAppContext, int maxWebRequestsPerSecond) {
+    private static void addWebRequestRateLimitingFilter(String path, 
WebAppContext webAppContext, int maxWebRequestsPerSecond, long 
requestTimeoutInMilliseconds, final String ipWhitelist) {
         FilterHolder holder = new FilterHolder(DoSFilter.class);
         holder.setInitParameters(new HashMap<String, String>() {{
             put("maxRequestsPerSec", String.valueOf(maxWebRequestsPerSecond));
+            put("maxRequestMs", String.valueOf(requestTimeoutInMilliseconds));
+            put("ipWhitelist", String.valueOf(ipWhitelist));
         }});
         holder.setName(DoSFilter.class.getSimpleName());
-        logger.debug("Adding DoSFilter to context at path: " + path + " with 
max req/sec: " + maxWebRequestsPerSecond);
+
+        String ipWhitelistLoggable = ipWhitelist;
+        if(ipWhitelist == null) {
+            ipWhitelistLoggable = "none";
+        }
+        logger.info("Adding DoSFilter to context at path: {} with max req/sec: 
{}, request timeout: {} ms. Whitelisted IPs not subject to filter: {}",
+                path, maxWebRequestsPerSecond, requestTimeoutInMilliseconds, 
ipWhitelistLoggable);

Review comment:
       Ah great, I briefly looked for a way to do this. Thanks!




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to