-
-
Notifications
You must be signed in to change notification settings - Fork 608
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: Option to limit max dimension of output image #1279
Comments
Hey @diegoatpitch! Could you provide a use case for this feature? |
The main use case is to reduce our CDN billing in a single shot. Since this would be a server side configuration option it would help mitigate possible DoS attacks on instances without signature. I know this is not the ideal security scenario, but for us would help a great deal with mitigation. |
We received a similar request some time ago. We didn't move forward with it because it does not actually prevent DoS attacks: imgproxy has a few processing options besides width and height that can be used for DoS. We were in the same situation as you when developing our website. We have a demo on our website that allows you to resize an image and apply filters dynamically, thus we can't rely on pre-generated URLs. So we made an API that generates and signs imgproxy URLs based on the provided options. That API also checks the provided options so they match the restrictions. I would offer you to use the same approach. Since we need to show the imgproxy URL on our site, our API just returns the URL, but you can make it to make a redirect. The API is very simple and responds in a millisecond while running on the smallest GCR instance. The difference between our cases is that our API requires width and height to be provided while in your case, as far as I understood, it is not required. In this case, I'd offer to use a default preset:
The API is so simple that I could build a draft of it with a language I am familiar with if you like. |
Requesting a large image could cause resource exhaustion, especially in kubernetes. We've seen pods being killed which had a memory limit of 768m. For now we've increased the memory limit, but limiting the output size would be a better solution. |
I would like to limit the dimensions of output images no matter what was requested.
Example:
IMGPROXY_MAX_OUTPUT_DIMENSION=8000
/_/rs:fit:10000:5625/plain/my-image.jpeg
/_/plain/my-image.jpeg
I hope that makes sense and is helpful to others.
The text was updated successfully, but these errors were encountered: