Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/data path should be limited or configurable #17

Open
nicokaiser opened this issue Mar 23, 2019 · 0 comments · May be fixed by #54
Open

/data path should be limited or configurable #17

nicokaiser opened this issue Mar 23, 2019 · 0 comments · May be fixed by #54

Comments

@nicokaiser
Copy link

Once you figure out that someone has a containous/whoami instance runing (let's say on their domain … whoami.example.com), you can DoS their host by running multiple /data?size=10&unit=GB requests and have the dataHandler send lots of data.

I see that this container is mainly for debugging purposes, but in some cases it might land on production endpoints, so the "dangerous" functions should be switched off then.
wiltonsr added a commit to wiltonsr/whoami that referenced this issue Apr 28, 2022
@wiltonsr
Make /data path configurable
ac1ca88 
- Permit disable /data path to prevent DoS attack
- Fixes traefik#17
@wiltonsr wiltonsr linked a pull request Apr 28, 2022 that will close this issue
Open
wiltonsr added a commit to wiltonsr/whoami that referenced this issue Dec 18, 2023
@wiltonsr
Make /data path configurable
1af2589 
- Permit disable /data path to prevent DoS attack
- Fixes traefik#17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add option to disable data endpoint wiltonsr/whoami
1 participant
@nicokaiser