hi Boris, it looks like your other questions have been covered but i'll snipe this one: On Fri, Sep 16, 2022 at 7:55 AM Boris Behrens <bb@xxxxxxxxx> wrote: > > How good is it handling bad HTTP request, sent by an attacker?) rgw relies on the boost.beast library to parse these http requests. that library has had ongoing security reviews: https://www.boost.org/doc/libs/1_79_0/libs/beast/doc/html/beast/quick_start/security_review_bishop_fox.html a strict http parser can protect against a lot of known attacks. that doesn't mean rgw won't do bad things interpreting valid requests, but i don't think proxies help with those kinds of bugs either _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |