[GitHub] [nifi] alopresto commented on issue #4125: NIFI-7153 Adds ContentLengthFilter and DoSFilter

Tue, 24 Mar 2020 12:34:30 -0700 

alopresto commented on issue #4125: NIFI-7153 Adds ContentLengthFilter and 
DoSFilter
URL: https://github.com/apache/nifi/pull/4125#issuecomment-603462810
 
 
   That sounds like the problem with what I was doing before, but even 
performing the same action as you described, I did not see the log output: 
   
   ```
   🔒 0s @ 12:19:24 $ openssl rand -hex 30240000 > /tmp/hexdata
   ...rs/alopresto/Workspace/scratch/templates (master) 😉
   🔒 0s @ 12:24:53 $ curl 
'http://localhost:8080/nifi-api/processors/0dfe6a6d-0171-1000-b327-3350e76db627'
 \
   > -X PUT \
   > --data-binary "@/tmp/hexdata" \
   > -vvv
   *   Trying 127.0.0.1...
   * TCP_NODELAY set
   * Connected to localhost (127.0.0.1) port 8080 (#0)
   > PUT /nifi-api/processors/0dfe6a6d-0171-1000-b327-3350e76db627 HTTP/1.1
   > Host: localhost:8080
   > User-Agent: curl/7.54.0
   > Accept: */*
   > Content-Length: 60480001
   > Content-Type: application/x-www-form-urlencoded
   > Expect: 100-continue
   >
   < HTTP/1.1 413 Payload Too Large
   < Date: Tue, 24 Mar 2020 19:25:12 GMT
   < X-Frame-Options: SAMEORIGIN
   < Content-Security-Policy: frame-ancestors 'self'
   < X-XSS-Protection: 1; mode=block
   < Content-Type: text/plain
   < Content-Length: 17
   < Connection: close
   < Server: Jetty(9.4.19.v20190610)
   <
   * Closing connection 0
   Payload Too large
   ```
   
   I realized the log output of the filter is going to `nifi-user.log`, the web 
access request log, by default rather than the main application behavior log in 
`nifi-app.log` due to this configuration in the `conf/logback.xml` file:
   
   ```
       <logger name="org.apache.nifi.web.security" level="INFO" 
additivity="false">
           <appender-ref ref="USER_FILE"/>
       </logger>
   ``` 
   I think we should explicitly direct the content length warnings to the 
application log by adding this configuration to the default `logback.xml`:
   
   ```
       <logger name="org.apache.nifi.web.security.requests" level="DEBUG" 
additivity="false">
           <appender-ref ref="APP_FILE"/>
       </logger>
   ```
   
   I will make those changes and merge this PR.  
   
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to