[feature]: make HTTP read header timeout configurable #7232
Assignees
Labels
config
Parameters/arguments/config file related issues/PRs
enhancement
Improvements to existing features / behaviour
good first issue
Issues suitable for first time contributors to LND
P3
might get fixed, nice to have
REST
Comments
|
I suppose we keep the current behavior as is (which means no timeout) if undefined. I did however notice Nginx have its default read header timeout set to 60s (http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout), while the default setup for Apache has no timeout. |
|
Please I am a first timer here and I am looking for an issue to get started with. I would like to know if I can take on this |
|
Hello, I did a quick search for HTTP. Server and these are the files, I found it:
|
|
I would leave it unchanged for now. |
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
One of the new linters has a rule to detect potential problems with intentionally slow clients:
G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)Describe the solution you'd like
We should add the
ReadHeaderTimeoutconfig value everywhere we use ahttp.Server(non-exhaustive list of examples: REST proxy server, pprof server, let's encrypt cert server) and also make the value globally configurable.The text was updated successfully, but these errors were encountered: