CrowdHailer / Ace

HTTP web server and client, supports http1 and http2
https://hex.pm/packages/ace
MIT License

Add an idle timeout option #108

Open CrowdHailer opened 6 years ago

CrowdHailer commented 6 years ago

Connections that are opened to Ace, but never receive data, should be closed after a certain timeout. This is the idle_timeout (start_line_timeout).

This would be used to mitigate https://en.wikipedia.org/wiki/Slowloris_(computer_security), although this is normally a much smaller issue because of the way Erlang handles IO.

We used this Python script to test connections:

```python
import socket
import time
import select

def check_connection(timeout):
    # Open a connection, stay silent for `timeout` seconds, then send a request
    # and see whether the server still answers.
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn.connect(('127.0.0.1', 4100))
    time.sleep(timeout)

    try:
        ready_to_read, ready_to_write, in_error = select.select([conn], [conn], [], 5)
    except select.error:
        conn.shutdown(socket.SHUT_RDWR)  # 0 = done receiving, 1 = done sending, 2 = both
        conn.close()
        print("Connection failed after %ss wait" % timeout)
        return

    # A socket the server has already closed reads as ready with an empty payload.
    if ready_to_read and conn.recv(1024, socket.MSG_PEEK) == b"":
        conn.close()
        print("Connection failed after %ss wait" % timeout)
        return

    conn.sendall(b"GET /sys/ping HTTP/1.1\r\nHost: merchant\r\nConnection: keep-alive\r\n\r\n")
    r = conn.recv(1024)
    if b'{"status":"ok"}' in r:
        print("Connection successful after %ss wait" % timeout)
    else:
        print("Connection failed after %ss wait" % timeout)
    conn.close()

if __name__ == "__main__":
    for timeout in [1, 4, 7]:
        check_connection(timeout)
```
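To show what the requested start-line idle timeout does on the server side, here is an added, self-contained example (not Ace's code and not from this issue): a minimal loopback server that drops any connection that has not sent its first bytes within `idle_timeout` seconds, plus a probe that mirrors the script above. The port, the `/sys/ping` response body and the timeout values are assumptions.

```python
import socket
import threading
import time

# Constructed request/response pair; the real Ace server's output is not reproduced here.
REQUEST = b"GET /sys/ping HTTP/1.1\r\nHost: merchant\r\nConnection: keep-alive\r\n\r\n"
RESPONSE = b'HTTP/1.1 200 OK\r\nContent-Length: 15\r\nConnection: close\r\n\r\n{"status":"ok"}'

def handle(conn, idle_timeout):
    """Serve one connection; close it if no start line arrives within idle_timeout."""
    conn.settimeout(idle_timeout)
    try:
        head = conn.recv(4096)               # blocks at most idle_timeout seconds
        if head.startswith(b"GET "):
            conn.sendall(RESPONSE)
    except socket.timeout:
        pass                                 # idle client: nothing read, nothing sent
    finally:
        conn.close()                         # frees the socket held by a slow client

def start_server(idle_timeout):
    """Listen on an ephemeral loopback port in a daemon thread; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn, idle_timeout), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def probe(port, wait):
    """Connect, stay silent for `wait` seconds, then send the request.
    Returns True if the server still answered, False if the idle timeout closed it."""
    conn = socket.create_connection(("127.0.0.1", port))
    conn.settimeout(5)
    try:
        time.sleep(wait)
        conn.sendall(REQUEST)
        return b'{"status":"ok"}' in conn.recv(1024)
    except OSError:                          # reset or closed by the server
        return False
    finally:
        conn.close()

if __name__ == "__main__":
    port = start_server(idle_timeout=1.0)
    for wait in (0, 2):
        print("wait %ss -> %s" % (wait, "served" if probe(port, wait) else "closed"))
```

A silent client that outlives the timeout gets `closed`, while one that sends its start line promptly is still served.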