Welcome! Log In Create A New Profile

Advanced

Re: Slow read attack in HTTP/2

Previous Message Next Message
Forum List Message List New Topic Print View
Sharan J
August 19, 2016 08:40AM
Hi,

Thanks for the response.

Would like to know what happens in the following scenario,

Client sets its initial congestion window size to be very small and
requests for a large data. It updates the window size everytime when it
gets exhausted with a small increment (so send_timeout wont happen as
writes happens always but in a very small amount). In this case won't the
connection remain until the server flushes all the data to the client which
has very less window size?

If the client opens many such connections with many streams, each
requesting for a very large data, then won't it cause DOS?

Thanks,
Sharan



On Fri, Aug 19, 2016 at 5:28 PM, Valentin V. Bartenev <vbart@nginx.com>
wrote:

> On Friday 19 August 2016 17:06:41 Sharan J wrote:
> > Hi,
> >
> > Would like to know what timeouts should be configured to mitigate slow
> read
> > attack in HTTP/2.
> >
>
> A quote from the commit:
>
> | Now almost all the request timeouts work like in HTTP/1.x connections,
> so
> | the "client_header_timeout", "client_body_timeout", and "send_timeout"
> are
> | respected. These timeouts close the request.
>
> and the documentation links:
>
> http://nginx.org/r/client_header_timeout
> http://nginx.org/r/client_body_timeout
> http://nginx.org/r/send_timeout
>
>
> > Referred ->
> > https://trac.nginx.org/nginx/changeset/4ba91a4c66a3010e50b84fc73f05e8
> 4619396885/nginx?_ga=1.129092111.226709851.1453970886
> >
> > Could not understand what you have done when all streams are stuck on
> > exhausted connection or stream windows. Please can you explain me the
> same.
> [..]
>
> Each stream has its own timeout configured by the directives mentioned
> above.
> If there's no progress on a stream during one of these timeouts then the
> stream
> is closed.
>
> wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Slow read attack in HTTP/2

Sharan J August 19, 2016 07:46AM

Re: Slow read attack in HTTP/2

Valentin V. Bartenev August 19, 2016 08:00AM

Re: Slow read attack in HTTP/2

Sharan J August 19, 2016 08:40AM

Re: Slow read attack in HTTP/2

Валентин Бартенев August 19, 2016 09:54AM

Re: Slow read attack in HTTP/2

Sharan J August 22, 2016 03:12AM

Re: Slow read attack in HTTP/2

Valentin V. Bartenev August 22, 2016 06:14AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 150
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready