2252718 – Recommendations for LimitRequestBody from "Hardening Red Hat OpenStack Platform" guide looks suboptimal

Bug 2252718 - Recommendations for LimitRequestBody from "Hardening Red Hat OpenStack Platform" guide looks suboptimal

Summary: Recommendations for LimitRequestBody from "Hardening Red Hat OpenStack Platfo...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	documentation
Sub Component:
Version:	17.1 (Wallaby)
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Roger Heslop
QA Contact:	RHOS Documentation Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-12-04 09:35 UTC by Alex Stupnikov
Modified:	2024-03-18 15:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2024-03-18 15:02:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-30641	0	None	None	None	2023-12-04 09:35:58 UTC
Red Hat Knowledge Base (Solution)	7049165	0	None	None	None	2023-12-22 15:20:26 UTC

Description Alex Stupnikov 2023-12-04 09:35:04 UTC

Description of problem:
Section "14.18. Limiting the size of file uploads" from "Hardening Red Hat OpenStack Platform" guide tells users to manually set LimitRequestBody parameter in multiple httpd configuration files. https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html-single/hardening_red_hat_openstack_platform/index#limiting-the-size-of-file-uploads_hardening-the-dashboard-service

While it wasn't the case for RHOSP 16.2, limitreqbody parameter is available in RHOSP 17.1 for apache::vhost. It looks like we can take a second look at our documentation and probably recommend to use HorizonVhostExtraParams THT definition to pass limitreqbody to puppet-apache.

It looks like set of modified configuration files will be slightly different, so this requires a second look from engineering side.

Version-Release number of selected component (if applicable):
RHOSP 17.1

How reproducible:
There is a need to tune LimitRequestBody.


Actual results:
Manual steps are required

Expected results:
THT framework handles everything.

Comment 4 Roger Heslop 2024-01-08 17:28:33 UTC

Email sent to Horizon team requesting feedback

Comment 7 Roger Heslop 2024-03-18 15:02:34 UTC

Based on feedback about the concerns caused by similar expected fail healthchecks, closing as wontfix.

Note You need to log in before you can comment on or make changes to this bug.