telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Added detailed comment

Browse Source 
Added a detailed comment on what the change is needed for and why it's there
This commit is contained in:
Dave
2023-02-23 16:51:42 +01:00
committed by GitHub
parent f3a6461eaa
commit 350179fc89
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docker/nginx/dist/conf/tpotweb.conf vendored
View File

@ -47,9 +47,12 @@ server {
client_header_buffer_size 1k; client_header_buffer_size 1k;
client_max_body_size 2M; client_max_body_size 2M;
### Changed from OWASP defaults ### Changed from OWASP recommendations: "2 1k" to "2 1280" (So 1.2k)
### To suit Kibana (long ajax uris) breaking 1024 ### When you pass though potentially another reverse proxy/load balancer
### Still keeping it very true to 1k ### in front of tpotce you can introduce more headers than normal and
### therefore you can exceed the allowed header buffer of 1k.
### An 280 extra bytes seems to be working for most use-cases.
### And still keeping it close to OWASP's recommendation.
large_client_header_buffers 2 1280; large_client_header_buffers 2 1280;
### Mitigate Slow HHTP DoS Attack ### Mitigate Slow HHTP DoS Attack