search

erlyaws / yaws

Yaws webserver
https://erlyaws.github.io
BSD 3-Clause "New" or "Revised" License
1.28k stars 268 forks source link

DoS #383

Open leoliu opened 5 years ago

leoliu commented 5 years ago

Make a HEAD or GET request using curl:

curl -I -H "transfer-encoding: chunked" url_to_yaws_server

which should tie up an acceptor for minutes. Start a few more such requests to tie up all acceptors.

vinoski commented 5 years ago

I'll look into it. It's likely that some streaming process needs a timeout.

leoliu commented 5 years ago

Replace transfer-encoding with content-length to get a similar issue. Post data with mismatching content-length also ties up an acceptor.

curl -H "content-length: 5" --data "abc" URL_YAWS_SERVER

There is also the case of a slow client for example one that connects and then sends one byte every 10 seconds (See Slowloris).

All these code paths eventually reach yaws:cli_recv/3 which do a recv on the socket with a default timeout #gconf.keepalive_timeout.

nginx seems to handle these cases safely and sensibly.