Bug 1720276

Summary: [QE][Docs][rhos-tech][Security] Add explanations for LimitRequestBody and FollowSymLinks
Product: Red Hat OpenStack
Reporter: Martin Lopes <mlopes>
Component: documentation
Assignee: Roger Heslop <rheslop>
Status: MODIFIED ---
QA Contact: RHOS Documentation Team <rhos-docs>
Severity: high
Docs Contact:
Priority: high
Version: 15.0 (Stein)
CC: acanan, alee, alink, alonare, astillma, dhill, ggrasza, jagee, lbragsta, nlevinki, ravsingh, rheslop, rhos-docs, sandyada, snanawar
Target Milestone: ---
Keywords: Documentation, Reopened, Triaged
Target Release: ---
Flags: rheslop: needinfo? (astillma), rheslop: needinfo? (snanawar)
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: docs-accepted
Last Closed: 2021-07-07 09:25:55 UTC
Type: Bug

Description Martin Lopes 2019-06-13 14:36:57 UTC
Consider adding the `LimitRequestBody` setting to the horizon chapter of the Security Hardening Guide.

Some prerequisite considerations:

1. Seek approval from DFG:UI.
2. Confirm which release this is approved for. For example: OSP13+
3. Check whether this is configurable within director.
4. Check if there is any QE testing impact.

Comment 7 Martin Lopes 2019-06-18 09:17:06 UTC
Received request to add FollowSymLinks to discussion.

Comment 8 Martin Lopes 2019-06-18 10:38:07 UTC
Added more updates to draft, updated example, phrasing.

Comment 39 Lance Bragstad 2019-12-20 22:03:19 UTC
Hi Aharon,

Jeremy and I were getting up to speed on this and had a question on comment #23 [0]. Section two step three implies some functional tests, but we're not sure which test exactly. Adding needsinfo from Martin since he authored the comment, and hoping he can provide context or point us in the right direction.

Thanks,

Lance

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1720276#c23

Comment 40 Aharon Canan 2020-01-02 13:15:19 UTC
mlopes - Any update for comment #39?

Comment 48 AMOL LONARE 2020-04-10 11:54:29 UTC
Any update on this BZ?

Regards,
Amol Lonare

Comment 59 Grzegorz Grasza 2023-07-31 08:03:06 UTC
It is safe to set "-FollowSymLinks", since, as David Hill pointed out, there are no symlinks present. As to how to do it in TripleO, I'm not sure; I think it would have to be done by an ansible playbook after the deploy.
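
Added example, not part of the bug thread or the product documentation: one way to check the premise in comment 59 before turning `FollowSymLinks` off, by listing every symlink under a served directory and flagging links whose target lies outside it. The function names and the sample tree are constructed for illustration; the directory to audit is whichever one the Apache configuration serves, which this page does not name.

```python
import os
import tempfile
from pathlib import Path


def audit_symlinks(root):
    """Return one record per symlink found under root (links are not followed)."""
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Links to directories show up in dirnames, links to files in filenames.
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            target = path.resolve()  # non-strict: also resolves dangling links
            findings.append({
                "link": str(path.relative_to(root)),
                "target": str(target),
                "dangling": not target.exists(),
                "escapes_root": root != target and root not in target.parents,
            })
    return sorted(findings, key=lambda f: f["link"])


def safe_to_disable_followsymlinks(root):
    """True when no served path under root depends on a symlink being followed."""
    return not audit_symlinks(root)


def build_sample_tree(base):
    """Constructed sample: a docroot with one internal and one escaping link."""
    docroot = Path(base) / "docroot"
    (docroot / "static").mkdir(parents=True)
    (docroot / "static" / "app.css").write_text("body{}")
    outside = Path(base) / "outside.conf"
    outside.write_text("constructed sample data")
    os.symlink(docroot / "static" / "app.css", docroot / "theme.css")
    os.symlink(outside, docroot / "static" / "leak.conf")
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_symlinks(build_sample_tree(tmp)):
            print(finding)
```

An empty result supports the "no symlinks present" reasoning; any finding marks content that stops being served once the option is removed, and an `escapes_root` finding is worth reviewing regardless of the setting.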