Consider adding the `LimitRequestBody` setting to the horizon chapter of the Security Hardening Guide. Some prerequisite considerations:
1. Seek approval from DFG:UI.
2. Confirm which release this is approved for. For example: OSP13+
3. Check whether this is configurable within director.
4. Check if there is any QE testing impact.
Add this to the dashboard chapter: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html-single/security_and_hardening_guide/index#hardening_the_dashboard_service
Received request to add FollowSymLinks to discussion.
Added more updates to draft, updated example, phrasing.
Hi Aharon,
Jeremy and I were getting up-to-speed on this and had a question on comment #23 [0]. Section two step three implies some functional tests, but we're not sure which test exactly. Adding needsinfo from Martin since he authored the comment, and hoping he can provide context or point us in the right direction.
Thanks,
Lance
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1720276#c23
mlopes - Any update for comment #39?
Any update on this BZ? Regards, Amol Lonare
It is safe to set "-Follow SymLinks", since, as David Hill pointed out, there are no symlinks present. As to how to do it in TripleO, I'm not sure; I think it would have to be done by an Ansible playbook after the deploy.