Jump to: navigation, search


HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS


Concurrent Keystone POST requests with large body messages are held in memory without filtering or rate limiting, this can lead to resource exhaustion on the Keystone server.

Affected Services / Software

Keystone, Databases


Keystone stores POST messages in memory before validation, concurrent submission of multiple large POST messages can cause the Keystone process to be killed due to memory exhaustion, resulting in a remote Denial of Service.

In many cases Keystone will be deployed behind a load-balancer or proxy that can rate limit POST messages inbound to Keystone. Grizzly is protected against that through the sizelimit middleware.

Recommended Actions

If you are in a situation where Keystone is directly exposed to incoming POST messages and not protected by the sizelimit middleware there are a number of load-balancing/proxy options, we suggest you consider one of the following:

Nginx: Open-source, high-performance HTTP server and reverse proxy

Apache: HTTP Server Project

Contacts / References