From 9aa8fb39337dadb05b79e99d3c93fce4ed638683 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia Date: Mon, 16 Oct 2023 19:50:15 +0000 Subject: [PATCH] update releases configuration.md Signed-off-by: Sunjay Bhatia --- site/content/docs/1.24/configuration.md | 2 ++ site/content/docs/1.25/configuration.md | 2 ++ site/content/docs/1.26/configuration.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/site/content/docs/1.24/configuration.md b/site/content/docs/1.24/configuration.md index edb968bc45e..94e7e0ad17a 100644 --- a/site/content/docs/1.24/configuration.md +++ b/site/content/docs/1.24/configuration.md 
@@ -185,6 +185,8 @@ The listener configuration block can be used to configure various parameters for | Field Name | Type | Default | Description | | ------------------- | ------ | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | connection-balancer | string | `""` | This field specifies the listener connection balancer. If the value is `exact`, the listener will use the exact connection balancer to balance connections between threads in a single Envoy process. See [the Envoy documentation][14] for more information. | +| max-requests-per-io-cycle | int | none | Defines the limit on number of HTTP requests that Envoy will process from a single connection in a single I/O cycle. Requests over this limit are processed in subsequent I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is detected. Configures the `http.max_requests_per_io_cycle` Envoy runtime setting. The default value when this is not set is no limit. | +| http2-max-concurrent-streams | int | none | Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed for a peer on a single HTTP/2 connection. It is recommended to not set this lower than 100 but this field can be used to bound resource usage by HTTP/2 connections and mitigate attacks like CVE-2023-44487. The default value when this is not set is unlimited. | ### Server Configuration diff --git a/site/content/docs/1.25/configuration.md b/site/content/docs/1.25/configuration.md index 273d4a248fb..9d9014ec444 100644 --- a/site/content/docs/1.25/configuration.md +++ b/site/content/docs/1.25/configuration.md 
@@ -186,6 +186,8 @@ The listener configuration block can be used to configure various parameters for | Field Name | Type | Default | Description | | ------------------- | ------ | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | connection-balancer | string | `""` | This field specifies the listener connection balancer. If the value is `exact`, the listener will use the exact connection balancer to balance connections between threads in a single Envoy process. See [the Envoy documentation][14] for more information. | +| max-requests-per-io-cycle | int | none | Defines the limit on number of HTTP requests that Envoy will process from a single connection in a single I/O cycle. Requests over this limit are processed in subsequent I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is detected. Configures the `http.max_requests_per_io_cycle` Envoy runtime setting. The default value when this is not set is no limit. | +| http2-max-concurrent-streams | int | none | Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed for a peer on a single HTTP/2 connection. It is recommended to not set this lower than 100 but this field can be used to bound resource usage by HTTP/2 connections and mitigate attacks like CVE-2023-44487. The default value when this is not set is unlimited. | ### Server Configuration diff --git a/site/content/docs/1.26/configuration.md b/site/content/docs/1.26/configuration.md index 8867f89d113..dd800bc9ab2 100644 --- a/site/content/docs/1.26/configuration.md +++ b/site/content/docs/1.26/configuration.md 
@@ -195,6 +195,8 @@ The listener configuration block can be used to configure various parameters for | max-requests-per-connection | int | none | This field specifies the maximum requests for downstream connections. If not specified, there is no limit | | per-connection-buffer-limit-bytes | int | 1MiB* | This field specifies the soft limit on size of the listener’s new connection read and write buffer. If not specified, Envoy defaults of 1MiB apply | | socket-options | SocketOptions | | The [Socket Options](#socket-options) for Envoy listeners. | +| max-requests-per-io-cycle | int | none | Defines the limit on number of HTTP requests that Envoy will process from a single connection in a single I/O cycle. Requests over this limit are processed in subsequent I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is detected. Configures the `http.max_requests_per_io_cycle` Envoy runtime setting. The default value when this is not set is no limit. | +| http2-max-concurrent-streams | int | none | Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed for a peer on a single HTTP/2 connection. It is recommended to not set this lower than 100 but this field can be used to bound resource usage by HTTP/2 connections and mitigate attacks like CVE-2023-44487. The default value when this is not set is unlimited. | _This is Envoy's default setting value and is not explicitly configured by Contour._
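Review bot: In the 1.24 hunk, the `max-requests-per-io-cycle` row gives the type as `int` but no valid range, so a reader cannot tell whether `0` or a negative value is rejected, treated as "no limit", or passed through to the `http.max_requests_per_io_cycle` runtime setting. Suggest stating the minimum accepted value in the Description cell. Because the row says the default is no limit, it is also worth saying outright that the CVE-2023-44487 mitigation is inactive until the field is set, since "when abusive traffic is detected" can be read as something Envoy decides on its own.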
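Review bot: In the 1.25 hunk, the `http2-max-concurrent-streams` row says "It is recommended to not set this lower than 100" without giving the reason, which leaves operators unable to weigh the trade-off against the resource-bounding goal named in the same sentence. Suggest adding that lower values restrict request parallelism for legitimate HTTP/2 clients (the HTTP/2 specification makes the same 100-stream recommendation for SETTINGS_MAX_CONCURRENT_STREAMS). The Default column reads `none` while the text says "unlimited"; one term used in both places would read more cleanly.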
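Review bot: In the 1.26 hunk (and likewise the 1.24 and 1.25 hunks), the two added rows sit in release-versioned docs but do not say which patch release first accepts `max-requests-per-io-cycle` and `http2-max-concurrent-streams`, so a user on an earlier patch of the same minor version would expect fields their build may not recognise. Suggest a short "available from" note in each Description cell. In this file the rows are also appended after `socket-options`, directly ahead of the `_This is Envoy's default setting value ..._` footnote; placing them next to `max-requests-per-connection` would keep the per-connection limits together and leave the footnote adjacent to the `1MiB*` row it annotates.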