-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HTTP/2] extend flood protection to upstream servers #12281
Comments
While we're at it, we should rethink how flood protection is implemented. We have seen that throwing an exception when triggering the flood condition is risky. #11370 may be the best way to address data frame flooding cases. Control frame flooding requires more thought. |
Upstream flood and abuse checks will be implemented in the following steps:
|
Tests that need to be implemented for upstream flood/abuse checks. Test names come from the http2_flood_integration_tests test suite
|
Flood protection checks are currently enabled in downstream (server) codecs. These checks need to be extended to the upstream client codecs as well to allow Envoy to work with untrusted upstream servers.
Depends on #12280
Sub-task of #12278
The text was updated successfully, but these errors were encountered: