[
https://issues.apache.org/jira/browse/NIFI-8782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-8782:
-----------------------------------
Description:
The NiFi Jetty Server currently relies on the Jetty [Denial of Service
Filter|https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
to provide configurable rate-limiting for HTTP requests. The DoSFilter applies
to all requests and setting to the limit too low can cause unexpected problems
during system administration or data transfer.
When configured with a Login Identity Provider, Access Token requests support
authenticating users against the specified provider. The number of Access Token
requests from a given remote address should be minimal and predictable based on
the expected number of authorized users. Introducing a separate configuration
property and targeted filter for Access Token requests will allow the NiFi
Jetty Server to reject excessive numbers of authentication attempts while
permitting higher numbers of requests to other resources.
was:
The NiFi Jetty Server currently relies on the Jetty [Denial of Service
Filter|https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
to provide configurable rate-limiting for HTTP requests. The DoSFilter applies
to all requests and setting to the limit too low can cause unexpected problems
during system administrator or data transfer.
When configured with a Login Identity Provider, Access Token requests support
authenticating users against the specified provider. The number of Access Token
requests from a given remote address should be minimal and predictable based on
the expected number of authorized users. Introducing a separate configuration
property and targeted filter for Access Token requests will allow the NiFi
Jetty Server to reject excessive numbers of authentication attempts while
permitting higher numbers of requests to other resources.
> Add Rate-Limiting for Access Token Requests
> -------------------------------------------
>
> Key: NIFI-8782
> URL: https://issues.apache.org/jira/browse/NIFI-8782
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core UI, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: authentication, jetty, security
>
> The NiFi Jetty Server currently relies on the Jetty [Denial of Service
> Filter|https://www.eclipse.org/jetty/documentation/jetty-9/index.html#dos-filter]
> to provide configurable rate-limiting for HTTP requests. The DoSFilter
> applies to all requests and setting to the limit too low can cause unexpected
> problems during system administration or data transfer.
> When configured with a Login Identity Provider, Access Token requests support
> authenticating users against the specified provider. The number of Access
> Token requests from a given remote address should be minimal and predictable
> based on the expected number of authorized users. Introducing a separate
> configuration property and targeted filter for Access Token requests will
> allow the NiFi Jetty Server to reject excessive numbers of authentication
> attempts while permitting higher numbers of requests to other resources.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
