diff options
author | Eric Wong <e@yhbt.net> | 2020-04-20 22:55:37 +0000 |
---|---|---|
committer | Eric Wong <e@yhbt.net> | 2020-04-21 20:13:47 +0000 |
commit | fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849 (patch) | |
tree | 9560834162cdb04fbc95d5bc0bac3669cd9eaea5 /Documentation | |
parent | e700c37c0186915253d639462cfa403fd9fc964f (diff) | |
download | public-inbox-fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849.tar.gz |
In normal mail paths, we can rely on MTAs being configured with reasonable limits in the -watch and -mda mail injection paths. However, the MTA is bypassed in a git-only delivery path, a BOFH could inject a large message and DoS users attempting to mirror a public-inbox. This doesn't protect unindexed WWW interfaces from Email::MIME memory explosions on v1 inboxes. Probably nobody cares about unindexed WWW interfaces anymore, especially now that Xapian is optional for indexing.
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/public-inbox-config.pod | 4 | ||||
-rw-r--r-- | Documentation/public-inbox-index.pod | 23 |
2 files changed, 27 insertions, 0 deletions
diff --git a/Documentation/public-inbox-config.pod b/Documentation/public-inbox-config.pod index 708a785f..f3b6c8b7 100644 --- a/Documentation/public-inbox-config.pod +++ b/Documentation/public-inbox-config.pod @@ -288,6 +288,10 @@ or /usr/share/cgit/ See L<public-inbox-edit(1)> +=item publicinbox.indexMaxSize + +See L<public-inbox-index(1)> + =item publicinbox.wwwlisting Enable a HTML listing style when the root path of the URL '/' is accessed. diff --git a/Documentation/public-inbox-index.pod b/Documentation/public-inbox-index.pod index dede5d2e..398ac516 100644 --- a/Documentation/public-inbox-index.pod +++ b/Documentation/public-inbox-index.pod @@ -66,6 +66,12 @@ is detected. This is intended to be used in mirrors after running L<public-inbox-edit(1)> or L<public-inbox-purge(1)> to ensure data is expunged from mirrors. +=item --max-size SIZE + +Sets or overrides L</publicinbox.indexMaxSize> on a +per-invocation basis. See L</publicinbox.indexMaxSize> +below. + =back =head1 FILES @@ -76,6 +82,23 @@ C<$GIT_DIR/public-inbox/> directory. v2 inboxes are described in L<public-inbox-v2-format>. +=head1 CONFIGURATION + +=over 8 + +=item publicinbox.indexMaxSize + +Prevents indexing of messages larger than the specified size +value. A single suffix modifier of C<k>, C<m> or C<g> is +supported, thus the value of C<1m> to prevents indexing of +messages larger than one megabyte. + +This is useful for avoiding memory exhaustion in mirrors. + +Default: none + +=back + =head1 ENVIRONMENT =over 8 |