author | Dan Prince <dprince@redhat.com> | 2013-01-12 22:22:42 -0500 |
---|---|---|
committer | Dan Prince <dprince@redhat.com> | 2013-01-21 19:54:29 -0500 |
commit | 7691276b869a86c2b75631d5bede9f61e030d9d8 (patch) | |
tree | 42da4e3aec16d1473f66a4f6463e3d8248f4207c /keystone/middleware | |
parent | 8748cfa3a6b7573550e7ec8ced87e6fd2096a628 (diff) | |
Limit the size of HTTP requests.
Adds a new RequestBodySizeLimiter middleware to guard against
really large HTTP requests. The default max request size is 112k
although this limit is configurable via the 'max_request_body_size'
config parameter.
Fixes LP Bug #1099025.
Change-Id: Id51be3d9a0d829d63d55a92dca61a39a17629785
Diffstat (limited to 'keystone/middleware')
-rw-r--r-- | keystone/middleware/core.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py
index a49f743b..24495c98 100644
--- a/keystone/middleware/core.py
+++ b/keystone/middleware/core.py
@@ -14,7 +14,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import webob.dec
+
 from keystone.common import serializer
+from keystone.common import utils
 from keystone.common import wsgi
 from keystone import config
 from keystone import exception
@@ -164,3 +167,21 @@ class NormalizingFilter(wsgi.Middleware):
 # Rewrites path to root if no path is given.
 elif not request.environ['PATH_INFO']:
 request.environ['PATH_INFO'] = '/'
+
+
+class RequestBodySizeLimiter(wsgi.Middleware):
+ """Limit the size of an incoming request."""
+
+ def __init__(self, *args, **kwargs):
+ super(RequestBodySizeLimiter, self).__init__(*args, **kwargs)
+
+ @webob.dec.wsgify(RequestClass=wsgi.Request)
+ def __call__(self, req):
+
+ if req.content_length > CONF.max_request_body_size:
+ raise exception.RequestTooLarge()
+ if req.content_length is None and req.is_body_readable:
+ limiter = utils.LimitingReader(req.body_file,
+ CONF.max_request_body_size)
+ req.body_file = limiter
+ return self.application |
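Review bot: In `RequestBodySizeLimiter.__call__`, the comparison `req.content_length > CONF.max_request_body_size` runs before the `is None` test, so a request without a Content-Length header compares None against an int. On Python 2 that comparison is False and control falls through to the `LimitingReader` branch, but on Python 3 it would raise TypeError instead of cleanly rejecting or wrapping the body. Guarding the first test states the intent directly: `if req.content_length is not None and req.content_length > CONF.max_request_body_size:`. The streaming cap is applied only when Content-Length is absent, so a declared length under the limit appears to rely on the WSGI server to stop reading at that length; a comment such as `# declared lengths are enforced by the server; only unbounded bodies need the reader` would record that assumption. `CONF` and `utils.LimitingReader` are defined outside this hunk, so their behaviour is not verified here.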