From fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Mon, 20 Apr 2020 22:55:37 +0000 Subject: index: support --max-size / publicinbox.indexMaxSize In normal mail paths, we can rely on MTAs being configured with reasonable limits in the -watch and -mda mail injection paths. However, the MTA is bypassed in a git-only delivery path, a BOFH could inject a large message and DoS users attempting to mirror a public-inbox. This doesn't protect unindexed WWW interfaces from Email::MIME memory explosions on v1 inboxes. Probably nobody cares about unindexed WWW interfaces anymore, especially now that Xapian is optional for indexing. --- Documentation/public-inbox-index.pod | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'Documentation/public-inbox-index.pod') diff --git a/Documentation/public-inbox-index.pod b/Documentation/public-inbox-index.pod index dede5d2e..398ac516 100644 --- a/Documentation/public-inbox-index.pod +++ b/Documentation/public-inbox-index.pod @@ -66,6 +66,12 @@ is detected. This is intended to be used in mirrors after running L or L to ensure data is expunged from mirrors. +=item --max-size SIZE + +Sets or overrides L on a +per-invocation basis. See L +below. + =back =head1 FILES @@ -76,6 +82,23 @@ C<$GIT_DIR/public-inbox/> directory. v2 inboxes are described in L. +=head1 CONFIGURATION + +=over 8 + +=item publicinbox.indexMaxSize + +Prevents indexing of messages larger than the specified size +value. A single suffix modifier of C, C or C is +supported, thus the value of C<1m> to prevents indexing of +messages larger than one megabyte. + +This is useful for avoiding memory exhaustion in mirrors. + +Default: none + +=back + =head1 ENVIRONMENT =over 8 -- cgit v1.2.3-24-ge0c7