Mitigate slow read attacks

Question

Mitigate slow read attacks

nateberkopec opened this issue a year ago · comments

There are two non-mutually-exclusive paths forward:

Mitigate slow read attacks by putting responses in the Reactor loop.
Mitigate slow read attacks through other means, e.g. limits on connection lifetime, limits on acceptable window sizes

There's a tool for reproducing this attack (and some other great info) here https://github.com/shekyan/slowhttptest/wiki

Johnny Shields · Answer 1 · Wed Mar 29 2023 15:30:26 GMT+0800 (China Standard Time)

Is this attack possible even if Puma is behind Nginx?

Steven Harman · Answer 2 · Wed Mar 29 2023 22:05:23 GMT+0800 (China Standard Time)

@johnnyshields Assuming you've got nginx configured with proxy_buffering on, then you're probably fine. Similar if you're on Heroku as the Heroku Router will buffer up to 1MiB of response for you. There's a longer discussion of this issue too.

MSP-Greg · Answer 3 · Wed Mar 29 2023 22:42:19 GMT+0800 (China Standard Time)

Also, https://blog.qualys.com/vulnerabilities-threat-research/2012/01/05/slow-read