Slow read attack in HTTP/2
Valentin V. Bartenev
vbart at nginx.com
Fri Aug 19 11:58:37 UTC 2016
On Friday 19 August 2016 17:06:41 Sharan J wrote:
> Would like to know what timeouts should be configured to mitigate slow read
> attack in HTTP/2.
A quote from the commit:
| Now almost all the request timeouts work like in HTTP/1.x connections, so
| the "client_header_timeout", "client_body_timeout", and "send_timeout" are
| respected. These timeouts close the request.
and the documentation links:
> Referred ->
> Could not understand what you have done when all streams are stuck on
> exhausted connection or stream windows. Please can you explain me the same.
Each stream has its own timeout configured by the directives mentioned above.
If there's no progress on a stream during one of these timeouts then the stream
wbr, Valentin V. Bartenev
More information about the nginx