[SPARK-26118][Web UI] Introducing spark.ui.requestHeaderSize for setting HTTP requestHeaderSize

[attilapiros]

What changes were proposed in this pull request?

Introducing spark.ui.requestHeaderSize for configuring Jetty's HTTP requestHeaderSize.
This way long authorization field does not lead to HTTP 431.

How was this patch tested?

Manually with curl (which version must be at least 7.55).

With the original default value (8k limit):

# Starting history server with default requestHeaderSize
$ ./sbin/start-history-server.sh
starting org.apache.spark.deploy.history.HistoryServer, logging to /Users/attilapiros/github/spark/logs/spark-attilapiros-org.apache.spark.deploy.history.HistoryServer-1-apiros-MBP.lan.out

# Creating huge header
$ echo -n "X-Custom-Header: " > cookie
$ printf 'A%.0s' {1..9500} >> cookie

# HTTP GET with huge header fails with 431 
$ curl  -H @cookie http://[email protected]:18080/
<h1>Bad Message 431</h1><pre>reason: Request Header Fields Too Large</pre> 

# The log contains the error
$ tail -1 /Users/attilapiros/github/spark/logs/spark-attilapiros-org.apache.spark.deploy.history.HistoryServer-1-apiros-MBP.lan.out
18/11/19 21:24:28 WARN HttpParser: Header is too large 8193>8192

After:

# Creating the history properties file with the increased requestHeaderSize
$ echo spark.ui.requestHeaderSize=10000 > history.properties

# Starting Spark History Server with the settings
$ ./sbin/start-history-server.sh --properties-file history.properties
starting org.apache.spark.deploy.history.HistoryServer, logging to /Users/attilapiros/github/spark/logs/spark-attilapiros-org.apache.spark.deploy.history.HistoryServer-1-apiros-MBP.lan.out

# HTTP GET with huge header gives back HTML5 (I have added here only just a part of the response)
$ curl  -H @cookie http://[email protected]:18080/
<!DOCTYPE html><html>
      <head>...
         <link rel="shortcut icon" href="/static/spark-logo-77x50px-hd.png"></link>
        <title>History Server</title>
      </head>
      <body>
...

[squito]

lgtm, just a small comment on the doc

[SparkQA]

Test build #99018 has finished for PR 23090 at commit c6278be.

• This patch fails Spark unit tests.
• This patch merges cleanly.
• This patch adds no public classes.

[SparkQA]

Test build #99019 has finished for PR 23090 at commit 81334f4.

• This patch fails Spark unit tests.
• This patch merges cleanly.
• This patch adds no public classes.

[HeartSaVioR]

+1 Surprisingly I crafted quite similar patch in couple of days ago (not submitted yet on Apache side). LGTM.

[SparkQA]

Test build #99023 has finished for PR 23090 at commit a343f93.

• This patch fails Spark unit tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gengliangwang]

LGTM

[SparkQA]

Test build #4434 has finished for PR 23090 at commit a343f93.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gaborgsomogyi]

LGTM

[squito]

merged to master / 2.4

[dongjoon-hyun]

Hi, @squito .
SPARK-26118 is marked as 'Improvement', we don't backport 'Improvement'.

[attilapiros]

@dongjoon-hyun, @squito it is my bad, this problem is present in earlier releases as well. If I can change the issue type I modify it to Bug.

[dongjoon-hyun]

I understand the situation. However, according to the content of the patch, it's an improvement to add a missing configuration, @attilapiros .

httpConfig.setRequestHeaderSize(conf.get(UI_REQUEST_HEADER_SIZE).toInt)

@rxin , @gatorsmile , @srowen . How do you think about this? If PMC allows this, I'd like to have this in the older branches, too. Otherwise, we need to revert this from branch-2.4.

[srowen]

Why not just hard-code a much higher limit? what's the consequence? in a generic public web server I can see that this defends against malicious or malformed requests, but that's much less an issue for an internal Spark server.

That is, would a user really need to vary this up and down and know enough to find this config?

[squito]

I think the default is pretty reasonable in most cases, in that this is the first time we've heard of someone hitting this limit. I'm not sure how high we would make it to get around this problem in general. And from the jetty docs: https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/server/HttpConfiguration.html#setRequestHeaderSize-int-

Larger headers will allow for more and/or larger cookies plus larger form content encoded in a URL. However, larger headers consume more memory and can make a server more vulnerable to denial of service attacks.

[attilapiros]

I would prefer to override this 8k limit when it is really necessary (and only with the extent which justified by the production system).

[squito]

btw I agree this was bad judgement on my part to only backport to 2.4, sorry abotu that and thanks for catching @dongjoon-hyun . I do think this fixes a bug (the ability to use the UI when you are a member of many user groups) and so should be backported further, though I would really be fine either way.

[dongjoon-hyun]

Thank you, @squito , @attilapiros , @srowen .

Then, @attilapiros , could you send backporting PRs against branch-2.3 and branch-2.2 please?

[attilapiros]

Thanks @dongjoon-hyun, of course I will create those PRs.

[attilapiros]

Backport PR for 2.3: #23114

[attilapiros]

Backport PR for 2.2: #23115

Both 2.2 and 2.3 are retested.