CrowdHailer / Ace

HTTP web server and client, supports http1 and http2

Home Page: https://hex.pm/packages/ace

Add an idle timeout option

CrowdHailer opened this issue · comments

Connections that are opened to Ace, but never receive data, should be closed after a certain timeout.
This is the idle_timeout (start_line_timeout).

This would be used to mitigate https://en.wikipedia.org/wiki/Slowloris_(computer_security)
Although this is normally a much smaller issue because of the way Erlang handles IO.

  • check cowboy option names, try and use recognised terms
  • have a start_timeout headers_timeout

We used this Python script to test connections:

import socket
import time
import select


def check_connection(timeout):
    """Open a connection, stay idle for `timeout` seconds, then send a request
    and report whether the server kept the idle connection open."""
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn.connect(('127.0.0.1', 4100))
    time.sleep(timeout)

    try:
        ready_to_read, ready_to_write, in_error = select.select([conn], [conn], [], 5)
        # Nothing has been sent yet, so a readable socket can only mean the
        # server hung up (recv returns b''); an unreadable one is still open.
        server_closed = bool(ready_to_read) and conn.recv(1024) == b''
    except OSError:    # select.error is an alias of OSError in Python 3
        server_closed = True
    if server_closed:
        conn.close()    # shutdown() would raise on a socket the peer already closed
        print("Connection failed after %ss wait" % timeout)
        return

    # Requests and responses are bytes in Python 3, not str.
    try:
        conn.sendall(b"GET /sys/ping HTTP/1.1\r\nHost: merchant\r\nConnection: keep-alive\r\n\r\n")
        r = conn.recv(1024)
    except (BrokenPipeError, ConnectionResetError):
        r = b''
    finally:
        conn.close()

    if b'{"status":"ok"}' in r:
        print("Connection successful after %ss wait" % timeout)
    else:
        print("Connection failed after %ss wait" % timeout)


if __name__ == "__main__":
    for timeout in [1, 4, 7]:
        check_connection(timeout)
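As an added illustration of the behaviour this issue asks for (example code, not Ace's own, which is Elixir): a minimal Python listener that enforces a start-line timeout, closing any connection that has sent no bytes within idle_timeout seconds, together with a probe modelled on the script above. The /sys/ping path, Host header and reply body are taken from that script; the 0.05 s sweep interval and one-request-per-connection handling are simplifications assumed here.

```python
import selectors
import socket
import threading
import time

def serve(listener, idle_timeout, stop):
    """Accept loop with a start-line timeout: a peer silent for idle_timeout s is dropped."""
    sel = selectors.DefaultSelector()
    sel.register(listener, selectors.EVENT_READ)
    deadlines = {}  # conn -> monotonic time by which its first byte is due
    while not stop.is_set():
        for key, _ in sel.select(timeout=0.05):  # assumed sweep interval
            if key.fileobj is listener:
                conn, _ = listener.accept()
                sel.register(conn, selectors.EVENT_READ)
                deadlines[conn] = time.monotonic() + idle_timeout
            else:
                conn = key.fileobj
                deadlines.pop(conn, None)  # bytes (or EOF) arrived: timer is off
                sel.unregister(conn)
                data = conn.recv(4096)
                if data.startswith(b'GET /sys/ping'):
                    conn.sendall(b'HTTP/1.1 200 OK\r\nContent-Length: 15\r\n\r\n{"status":"ok"}')
                conn.close()  # one request per connection keeps this small
        now = time.monotonic()
        for conn in [c for c, due in deadlines.items() if due <= now]:
            del deadlines[conn]
            sel.unregister(conn)
            conn.close()  # idle timeout expired: drop the silent connection

def start_server(idle_timeout):
    """Bind an ephemeral localhost port and serve it from a daemon thread."""
    listener = socket.socket()
    listener.bind(('127.0.0.1', 0))
    listener.listen()
    stop = threading.Event()
    threading.Thread(target=serve, args=(listener, idle_timeout, stop), daemon=True).start()
    return listener.getsockname()[1], stop

def probe(port, wait):
    """Connect, stay silent for `wait` seconds, then ask /sys/ping; True if answered."""
    with socket.create_connection(('127.0.0.1', port)) as conn:
        time.sleep(wait)
        try:
            conn.sendall(b'GET /sys/ping HTTP/1.1\r\nHost: merchant\r\n\r\n')
            return b'{"status":"ok"}' in conn.recv(1024)
        except (BrokenPipeError, ConnectionResetError):
            return False
```

With idle_timeout set to 0.5 s, probe(port, 0.1) is answered while probe(port, 1.0) finds the connection already closed, which is the split the script above was written to observe.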