akka / akka-http

The Streaming-first HTTP server/module of Akka
https://doc.akka.io/docs/akka-http

Security audit: slow HTTP DoS attacks #238

Open ktoso opened 8 years ago

ktoso commented 8 years ago

Issue by jrudolph, Tuesday Feb 10, 2015 at 15:41 GMT. Originally opened as https://github.com/akka/akka/issues/16831


E.g. with https://code.google.com/p/slowhttptest/

spray/spray#708

/cc @sirthias

ktoso commented 8 years ago

Comment by rkuhn Thursday Feb 12, 2015 at 14:43 GMT


maybe include in t:http:next?

ktoso commented 8 years ago

Comment by rkuhn Monday Feb 16, 2015 at 09:48 GMT


This ticket can be removed from t:http:next once we have made sure that all timeouts and maximum concurrent request limits are otherwise in place. Then this ticket is about discussing further options for mitigating classes of DoS attacks.

ktoso commented 8 years ago

Comment by drewhk Tuesday Aug 25, 2015 at 12:58 GMT


Proper timeout support is on the way, I hope I get it out this week.

ktoso commented 8 years ago

Comment by jrudolph Tuesday Aug 25, 2015 at 13:02 GMT


Cool :)

ktoso commented 8 years ago

Comment by rkuhn Wednesday Mar 23, 2016 at 15:52 GMT


are we there yet?

ktoso commented 8 years ago

Comment by ktoso Monday Apr 04, 2016 at 12:25 GMT


Lifted the http:next here, I believe we have all limits in place. We should spend some time on specifically hardening and documenting more for this case though.