-
Notifications
You must be signed in to change notification settings - Fork 217
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/data path should be limited or configurable #17
Comments
wiltonsr
added a commit
to wiltonsr/whoami
that referenced
this issue
Apr 28, 2022
- Permit disable /data path to prevent DoS attack - Fixes traefik#17
wiltonsr
added a commit
to wiltonsr/whoami
that referenced
this issue
Dec 18, 2023
- Permit disable /data path to prevent DoS attack - Fixes traefik#17
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Once you figure out that someone has a containous/whoami instance runing (let's say on their domain … whoami.example.com), you can DoS their host by running multiple
/data?size=10&unit=GB
requests and have the dataHandler send lots of data.I see that this container is mainly for debugging purposes, but in some cases it might land on production endpoints, so the "dangerous" functions should be switched off then.
The text was updated successfully, but these errors were encountered: