git.kaiwu.me - haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Sun, 6 Jan 2008 12:24:40 +0000 (13:24 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Sun, 20 Jan 2008 22:43:28 +0000 (23:43 +0100)
commit	5a14f18f500cbc8c1bba9c042868f3b8a0a307b7
tree	f2c4d68e7fd0c98f624373a7489b355c7d4e9d00	tree \| snapshot
parent	544c4cca695d97c593d11ef9abc89cc0d5a7c1c8	commit \| diff

[MEDIUM] introduce "timeout http-request" in frontends

In order to offer DoS protection, it may be required to lower the maximum
accepted time to receive a complete HTTP request without affecting the client
timeout. This helps protecting against established connections on which
nothing is sent. The client timeout cannot offer a good protection against
this abuse because it is an inactivity timeout, which means that if the
attacker sends one character every now and then, the timeout will not
trigger. With the HTTP request timeout, no matter what speed the client
types, the request will be aborted if it does not complete in time.

doc/configuration.txt		diff \| blob \| history
include/types/proto_http.h		diff \| blob \| history
include/types/proxy.h		diff \| blob \| history
src/cfgparse.c		diff \| blob \| history
src/client.c		diff \| blob \| history
src/proto_http.c		diff \| blob \| history
src/proxy.c		diff \| blob \| history
tests/test-timeout.cfg		diff \| blob \| history