Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-8782

Add Rate-Limiting for Access Token Requests

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      The NiFi Jetty Server currently relies on the Jetty Denial of Service Filter to provide configurable rate-limiting for HTTP requests. The DoSFilter applies to all requests and setting to the limit too low can cause unexpected problems during system administration or data transfer.

      When configured with a Login Identity Provider, Access Token requests support authenticating users against the specified provider. The number of Access Token requests from a given remote address should be minimal and predictable based on the expected number of authorized users. Introducing a separate configuration property and targeted filter for Access Token requests will allow the NiFi Jetty Server to reject excessive numbers of authentication attempts while permitting higher numbers of requests to other resources.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            exceptionfactory David Handermann
            exceptionfactory David Handermann
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 40m
                40m

                Slack

                  Issue deployment