fix(api): potential Slow Loris Attacks in API Server #1045

Merged: 2 commits, Apr 22, 2024

skrashevich
Contributor

This pull request introduces a configuration enhancement to the API server
designed to mitigate potential Slow Loris attacks. By setting a
'ReadHeaderTimeout' of 5 seconds, we enforce a time limit on how long the
server will wait for the header of an incoming request to be completed. This
avoids server resources being tied up indefinitely by such attacks, which
aim to exhaust server resources by sending partial requests slowly.
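
Added example, not part of the pull request or the project's code: a Go `net/http` server configured with `ReadHeaderTimeout`, plus a local probe that sends a header block which never finishes and measures when the server drops the connection. The names `newAPIServer` and `probeStalledHeader`, the `/api` route and the sample request bytes are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"time"
)

// newAPIServer is a hypothetical stand-in for the API server; only the
// ReadHeaderTimeout setting is taken from the PR description.
func newAPIServer(headerTimeout time.Duration) *http.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/api", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") })
	return &http.Server{Handler: mux, ReadHeaderTimeout: headerTimeout}
}

// probeStalledHeader sends a request header that never finishes and reports
// whether the server closed the connection before limit, and after how long.
func probeStalledHeader(srv *http.Server, limit time.Duration) (bool, time.Duration, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, 0, err
	}
	go srv.Serve(ln)
	defer srv.Close()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, 0, err
	}
	defer conn.Close()
	start := time.Now()
	// Constructed input: header block without the terminating blank line.
	if _, err := conn.Write([]byte("GET /api HTTP/1.1\r\nHost: localhost\r\n")); err != nil {
		return false, 0, err
	}
	conn.SetReadDeadline(start.Add(limit))
	_, err = io.ReadAll(conn) // returns on server close (EOF) or at our deadline
	if ne, ok := err.(net.Error); ok && ne.Timeout() {
		return false, time.Since(start), nil // server was still holding the connection
	}
	return true, time.Since(start), nil
}

func main() {
	closed, after, err := probeStalledHeader(newAPIServer(5*time.Second), 7*time.Second)
	fmt.Println("closed:", closed, "after:", after.Round(time.Second), "err:", err)
}
```

With `ReadHeaderTimeout` and `ReadTimeout` both left at zero, the same probe reports that the connection is still open when the client-side limit expires.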

@skrashevich skrashevich changed the title Fix potential Slow Loris Attacks in API Server fix(api): potential Slow Loris Attacks in API Server Apr 18, 2024
@AlexxIT AlexxIT merged commit 12a7503 into AlexxIT:master Apr 22, 2024
AlexxIT (Owner) commented Apr 22, 2024

Thanks!

@skrashevich skrashevich deleted the sec-fix-slowloris branch April 22, 2024 17:45
@AlexxIT AlexxIT added this to the v1.9.0 milestone Apr 28, 2024
AlexxIT (Owner) commented Apr 30, 2024