Add cardinality warning about two opt-in attributes

open-telemetry · Oct 12, 2023 · 20ebac5 · 20ebac5
1 parent ea50a0d
commit 20ebac5
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,9 @@ release.
 
 ### Fixes
 
+- Add cardinality warning about two opt-in HTTP metric attributes
+  ([#999](https://github.com/open-telemetry/semantic-conventions/pull/999))
+
 ## v1.22.0 (2023-10-12)
 
 - Remove experimental Kafka metrics ([#338](https://github.com/open-telemetry/semantic-conventions/pull/338))

diff --git a/docs/http/http-metrics.md b/docs/http/http-metrics.md
@@ -208,13 +208,19 @@ Tracing instrumentations that do so, MUST also set `http.request.method_original
 
 SHOULD NOT be set if only IP address is available and capturing name would require a reverse DNS lookup.
 
+Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
+to trigger cardinality limits, degrading the usefulness of other metric dimensions.
+
 **[3]:** Determined by using the first of the following that applies
 
 - Port identifier of the [primary server host](/docs/http/http-spans.md#http-server-definitions) of the matched virtual host.
 - Port identifier of the [request target](https://www.rfc-editor.org/rfc/rfc9110.html#target.resource)
   if it's sent in absolute-form.
 - Port identifier of the `Host` header
 
+Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
+to trigger cardinality limits, degrading the usefulness of other metric dimensions.
+
 `http.request.method` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
 
 | Value  | Description |

diff --git a/model/metrics/http.yaml b/model/metrics/http.yaml
@@ -52,6 +52,9 @@ groups:
 
           SHOULD NOT be set if only IP address is available and capturing name would require a reverse DNS lookup.
 
+          Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
+          to trigger cardinality limits, degrading the usefulness of other metric dimensions.
+
       - ref: server.port
         requirement_level: opt_in
         brief: >
@@ -64,6 +67,9 @@ groups:
             if it's sent in absolute-form.
           - Port identifier of the `Host` header
 
+          Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
+          to trigger cardinality limits, degrading the usefulness of other metric dimensions.
+
   - id: metric.http.server.request.body.size
     type: metric
     metric_name: http.server.request.body.size