From 72c54dac37d78dfb4d7a52f390fadf4aeea73108 Mon Sep 17 00:00:00 2001
From: "Jens W. Klein"
Date: Wed, 25 Oct 2023 11:30:32 +0200
Subject: [PATCH 1/2] add settings for https://github.com/zopefoundation/Zope/pull/1142
---
CHANGES.rst | 3 +++
cookiecutter.json | 5 +++++
{{ cookiecutter.target }}/etc/zope.conf | 7 +++++++
3 files changed, 15 insertions(+)
diff --git a/CHANGES.rst b/CHANGES.rst
index cfcc73e..332a189 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,6 +1,9 @@ Changelog ========= +- Add `dos_protection_*` settings for feature introduced in https://github.com/zopefoundation/Zope/pull/1142 + [jensens, 2023-10-25] + - Fix loading of `overrides.zcml`` and `meta.zcml`. [jensens, 2022-02-07]
diff --git a/cookiecutter.json b/cookiecutter.json
index 28c0b3e..42ea836 100644
--- a/cookiecutter.json
+++ b/cookiecutter.json
@@ -27,6 +27,11 @@ "resources_directory_location": "" }, + "dos_protection_settings": true, + "dos_protection_file_memory_limit": "1MB", + "dos_protection_file_disk_limit": "1GB", + "dos_protection_memfile_disk_limit": "4KB", + "db_storage": ["direct", "relstorage", "zeo"], "db_cache_size": "30000", "db_cache_size_bytes": "",
diff --git a/{{ cookiecutter.target }}/etc/zope.conf b/{{ cookiecutter.target }}/etc/zope.conf
index 4ef0f03..e97adc1 100644
--- a/{{ cookiecutter.target }}/etc/zope.conf
+++ b/{{ cookiecutter.target }}/etc/zope.conf
@@ -19,6 +19,13 @@ default-zpublisher-encoding utf-8 {%- endif %} + + + form-memory-limit {{ cookiecutter.dos_protection_form_memory_limit }} + form-disk-limit {{ cookiecutter.dos_protection_form_disk_limit }} + form-memfile-limit {{ cookiecutter.dos_protection_form_memfile_limit }} + + # Database mount-point /
From 438bfd7f21133fbc1aaec1f7d9ced1c2c23ecda3 Mon Sep 17 00:00:00 2001
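Review bot: The three placeholders in the added zope.conf lines (`cookiecutter.dos_protection_form_memory_limit`, `cookiecutter.dos_protection_form_disk_limit`, `cookiecutter.dos_protection_form_memfile_limit`) do not match any key the cookiecutter.json hunk adds, which are `dos_protection_file_memory_limit`, `dos_protection_file_disk_limit` and `dos_protection_memfile_disk_limit`. Unless the `form_*` keys are defined somewhere outside this patch, rendering will either abort on an undefined variable or emit empty limits, so the request-size limits an operator sets never reach the generated config. Patch 2/2 keeps the same names in its zope.conf hunk and documents the `file_*` spellings in README.rst, so the mismatch survives the series. Renaming the JSON keys to mirror the directives, e.g. `"dos_protection_form_memory_limit": "1MB",`, and updating the README entries to match would align all three files.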
From: "Jens W. Klein"
Date: Wed, 25 Oct 2023 11:39:42 +0200
Subject: [PATCH 2/2] document and conditional for older versions
---
README.rst | 21 +++++++++++++++++++++
cookiecutter.json | 2 +-
{{ cookiecutter.target }}/etc/zope.conf | 2 ++
3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/README.rst b/README.rst
index 8274077..28d1494 100644
--- a/README.rst
+++ b/README.rst
@@ -119,6 +119,27 @@ TODO: support https://docs.pylonsproject.org/projects/waitress/en/latest/argumen "CHAMELEON_CACHE": "{{ cookiecutter.location_clienthome }}/cache" } +``dos_protection_available`` + In Zope 5.8.4 and later, DOS protection is available. + For older versions of Zope set this to ``false``. + + Default: ``true`` + +``dos_protection_file_memory_limit`` + The maximum size for each part in a multipart post request, for the complete body in an urlencoded post request and for the complete request body when accessed as bytes (rather than a file). + + default: "1MB", + +``dos_protection_file_disk_limit`` + The maximum size of a POST request body. + + default: "1GB", + +``dos_protection_memfile_disk_limit`` + The value of form variables of type file with larger size are stored on disk rather than in memory. + + default: "4KB", + Initial user ------------
diff --git a/cookiecutter.json b/cookiecutter.json
index 42ea836..00b04ce 100644
--- a/cookiecutter.json
+++ b/cookiecutter.json
@@ -27,7 +27,7 @@ "resources_directory_location": "" }, - "dos_protection_settings": true, + "dos_protection_available": true, "dos_protection_file_memory_limit": "1MB", "dos_protection_file_disk_limit": "1GB", "dos_protection_memfile_disk_limit": "4KB",
diff --git a/{{ cookiecutter.target }}/etc/zope.conf b/{{ cookiecutter.target }}/etc/zope.conf
index e97adc1..adec7d1 100644
--- a/{{ cookiecutter.target }}/etc/zope.conf
+++ b/{{ cookiecutter.target }}/etc/zope.conf
@@ -20,11 +20,13 @@ default-zpublisher-encoding utf-8 {%- endif %} +{%- if cookiecutter.dos_protection_available %} form-memory-limit {{ cookiecutter.dos_protection_form_memory_limit }} form-disk-limit {{ cookiecutter.dos_protection_form_disk_limit }} form-memfile-limit {{ cookiecutter.dos_protection_form_memfile_limit }} +{%- endif %} # Database
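Review bot: The guard `{%- if cookiecutter.dos_protection_available %}` tests plain truthiness, so it only drops the block when the value arrives as a real boolean; a string answer such as `false` is non-empty and would still render the section for an older Zope. Boolean handling at the prompt depends on the cookiecutter version in use, as far as I know, so a template comment such as `{# dos_protection_available must be a JSON/YAML boolean, not the string "false" #}` above the guard, or a stated minimum cookiecutter version in the README, would make the older-Zope case reliable. The lines that open and close the configuration section are not legible in this view, so I cannot confirm that the guard wraps them as well as the three directives.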