
Commit a85d404

committed
limit requrests at the web-server level
1 parent 1df610c commit a85d404


2 files changed

+23
-3
lines changed

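--- a/services/web/server/docker/boot.sh
+++ b/services/web/server/docker/boot.sh
@@ -58,7 +58,8 @@ echo "$INFO" "GUNICORN_CMD_ARGS: $GUNICORN_CMD_ARGS"
 if [ "${SC_BOOT_MODE}" = "debug" ]; then
 # NOTE: ptvsd is programmatically enabled inside of the service
 # this way we can have reload in place as well
-exec python -Xfrozen_modules=off -m debugpy --listen 0.0.0.0:"${WEBSERVER_REMOTE_DEBUGGING_PORT}" -m gunicorn simcore_service_webserver.cli:app_factory \
+exec python -Xfrozen_modules=off -m debugpy --listen 0.0.0.0:"${WEBSERVER_REMOTE_DEBUGGING_PORT}" -m \
+gunicorn simcore_service_webserver.cli:create_app_runner \
 --log-level="${SERVER_LOG_LEVEL}" \
 --bind 0.0.0.0:8080 \
 --worker-class aiohttp.GunicornUVLoopWebWorker \
@@ -71,13 +72,16 @@ if [ "${SC_BOOT_MODE}" = "debug" ]; then
 
 else
 
-exec gunicorn simcore_service_webserver.cli:app_factory \
+exec gunicorn simcore_service_webserver.cli:create_app_runner \
 --log-level="${SERVER_LOG_LEVEL}" \
 --bind 0.0.0.0:8080 \
 --worker-class aiohttp.GunicornUVLoopWebWorker \
 --workers="${WEBSERVER_GUNICORN_WORKERS:-1}" \
 --name="webserver_$(hostname)_$(date +'%Y-%m-%d_%T')_$$" \
 --access-logfile='-' \
 --access-logformat='%a %t "%r" %s %b [%Dus] "%{Referer}i" "%{User-Agent}i"' \
---worker-tmp-dir=/dev/shm
+--worker-tmp-dir=/dev/shm \
+--limit-request-line 4094 \
+--limit-request-fields 100 \
+--limit-request-field_size 8190
 fi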
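Review bot: The three `--limit-request-*` flags are appended only to the non-debug `exec gunicorn` command at the end of the second hunk; the debug command in the first hunk runs past the hunk boundary, so it is not visible whether it gets the same caps. Both commands use `aiohttp.GunicornUVLoopWebWorker`, which parses requests with aiohttp rather than gunicorn's own parser, so these flags may not be what enforces the limit. The values passed to `web.AppRunner` in `cli.py` probably are, which is worth confirming with an oversized-request test against the running container. Since 4094 and 8190 are now duplicated across two files, I would add a comment above the flags such as `# NOTE: keep in sync with max_line_size/max_field_size in cli.create_app_runner`.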

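--- a/services/web/server/src/simcore_service_webserver/cli.py
+++ b/services/web/server/src/simcore_service_webserver/cli.py
@@ -83,6 +83,22 @@ async def app_factory() -> web.Application:
 return app
 
 
+_ACCESS_LOG_FMT = '%a %t "%r" %s %b [%Dus] "%{Referer}i" "%{User-Agent}i"'
+
+
+async def create_app_runner() -> web.AppRunner:
+
+app = await app_factory()
+
+# Rejects requests that are oversized. Fixes https://github.com/ITISFoundation/osparc-simcore/issues/7979
+return web.AppRunner(
+app,
+access_log_format=_ACCESS_LOG_FMT,
+max_line_size=4094, # request line & single header line cap
+max_field_size=8190, # per-header field cap
+)
+
+
 # CLI -------------
 
 main = typer.Typer(name="simcore-service-webserver")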
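Review bot: `create_app_runner` hands gunicorn a pre-built `web.AppRunner`, and as far as I know aiohttp's gunicorn worker then uses that runner as-is instead of building one from gunicorn's config. If so, `--access-logfile`, `--access-logformat` and the keepalive setting from `boot.sh` would stop applying, and only `access_log_format` is carried over here. Please confirm access-log lines are still emitted after this change, since they are the record of which clients sent the rejected oversized requests. I also don't see a counterpart here to `--limit-request-fields 100`, so the header count may be left at aiohttp's default on this path. A docstring would help, e.g. `"""Gunicorn entry point: build the app and return an AppRunner with request-line and header-size caps."""`.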
