Slow read attack in HTTP/2
Valentin V. Bartenev
vbart at nginx.com
Fri Aug 19 11:58:37 UTC 2016
On Friday 19 August 2016 17:06:41 Sharan J wrote:
> Hi,
>
> Would like to know what timeouts should be configured to mitigate slow read
> attack in HTTP/2.
>
A quote from the commit:
| Now almost all the request timeouts work like in HTTP/1.x connections, so
| the "client_header_timeout", "client_body_timeout", and "send_timeout" are
| respected. These timeouts close the request.
and the documentation links:
http://nginx.org/r/client_header_timeout
http://nginx.org/r/client_body_timeout
http://nginx.org/r/send_timeout
> Referred ->
> https://trac.nginx.org/nginx/changeset/4ba91a4c66a3010e50b84fc73f05e84619396885/nginx?_ga=1.129092111.226709851.1453970886
>
> Could not understand what you have done when all streams are stuck on
> exhausted connection or stream windows. Please can you explain me the same.
[..]
Each stream has its own timeout configured by the directives mentioned above.
If there's no progress on a stream during one of these timeouts then the stream
is closed.
wbr, Valentin V. Bartenev
More information about the nginx
mailing list