You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: addons/contour/1.26.0/contour.yaml
+47
Original file line number
Diff line number
Diff line change
@@ -228,13 +228,36 @@ spec:
228
228
slashes from request URL paths. \n Contour's default is
229
229
false."
230
230
type: boolean
231
+
httpMaxConcurrentStreams:
232
+
description: Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS
233
+
Envoy will advertise in the SETTINGS frame in HTTP/2 connections
234
+
and the limit for concurrent streams allowed for a peer
235
+
on a single HTTP/2 connection. It is recommended to not
236
+
set this lower than 100 but this field can be used to bound
237
+
resource usage by HTTP/2 connections and mitigate attacks
238
+
like CVE-2023-44487. The default value when this is not
239
+
set is unlimited.
240
+
format: int32
241
+
minimum: 1
242
+
type: integer
231
243
maxRequestsPerConnection:
232
244
description: Defines the maximum requests for downstream connections.
233
245
If not specified, there is no limit. see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions
234
246
for more information.
235
247
format: int32
236
248
minimum: 1
237
249
type: integer
250
+
maxRequestsPerIOCycle:
251
+
description: Defines the limit on number of HTTP requests
252
+
that Envoy will process from a single connection in a single
253
+
I/O cycle. Requests over this limit are processed in subsequent
254
+
I/O cycles. Can be used as a mitigation for CVE-2023-44487
255
+
when abusive traffic is detected. Configures the http.max_requests_per_io_cycle
256
+
Envoy runtime setting. The default value when this is not
257
+
set is no limit.
258
+
format: int32
259
+
minimum: 1
260
+
type: integer
238
261
per-connection-buffer-limit-bytes:
239
262
description: Defines the soft limit on size of the listener’s
240
263
new connection read and write buffers in bytes. If unspecified,
@@ -3658,6 +3681,18 @@ spec:
3658
3681
duplicate slashes from request URL paths. \n Contour's
3659
3682
default is false."
3660
3683
type: boolean
3684
+
httpMaxConcurrentStreams:
3685
+
description: Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS
3686
+
Envoy will advertise in the SETTINGS frame in HTTP/2
3687
+
connections and the limit for concurrent streams allowed
3688
+
for a peer on a single HTTP/2 connection. It is recommended
3689
+
to not set this lower than 100 but this field can be
3690
+
used to bound resource usage by HTTP/2 connections and
3691
+
mitigate attacks like CVE-2023-44487. The default value
3692
+
when this is not set is unlimited.
3693
+
format: int32
3694
+
minimum: 1
3695
+
type: integer
3661
3696
maxRequestsPerConnection:
3662
3697
description: Defines the maximum requests for downstream
3663
3698
connections. If not specified, there is no limit. see
@@ -3666,6 +3701,18 @@ spec:
3666
3701
format: int32
3667
3702
minimum: 1
3668
3703
type: integer
3704
+
maxRequestsPerIOCycle:
3705
+
description: Defines the limit on number of HTTP requests
3706
+
that Envoy will process from a single connection in
3707
+
a single I/O cycle. Requests over this limit are processed
3708
+
in subsequent I/O cycles. Can be used as a mitigation
3709
+
for CVE-2023-44487 when abusive traffic is detected.
3710
+
Configures the http.max_requests_per_io_cycle Envoy
3711
+
runtime setting. The default value when this is not
3712
+
set is no limit.
3713
+
format: int32
3714
+
minimum: 1
3715
+
type: integer
3669
3716
per-connection-buffer-limit-bytes:
3670
3717
description: Defines the soft limit on size of the listener’s
3671
3718
new connection read and write buffers in bytes. If unspecified,
0 commit comments