-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aiohttp.server.ServerHttpProtocol
has no mechanism to prevent broken sockets (example broken from client side)
#12
Comments
could you explain why |
in other places of code -- but if rewrite using |
it is not clear what is "in other places of code", could you be more specific. |
for example -- if socket will broken before client was sent all headers to server. |
that's good point. i need to think. |
thank you very much for your time! |
i think this issue may be closed (merged #11 ). thanks! |
i want to add extra timeout. lets keep this open for now. |
it is will be very good! |
по поводу английского не переживай |
а ведь имя "Николай" должно было бы мне подсказать :) but name "Nikolay" would be suggest to me :-) |
added slow request timeout @1977f04738102c9f3469acc780536b918acd056e |
а было бы большой ошибкой -- если например запускать slow timeout перед самым началом парсинга запроса от клиента (включая prefix)? то есть -- если например заменить этот код (в
на:
but will be big error if to start timeout (slow request timeout) before first begin of parsing request (including prefix). for example -- if replace up code to down code (in |
( I fixed last message ) |
i think it is better to start timer in connection_made only for first request @3f969b1bb7c4e705c05940625106d2939df53cf0 |
good day!
aiohttp.server.ServerHttpProtocol
has no mechanism to prevent broken sockets.broken sockets -- will be as resource leak on server-side.
from client side -- attacker may be [specially] creating broken-sockets to make easy DoS-attake to owr server-side..
or broken sockets may be accumulates on server-side [not-specially] due other randomly situations from badly clients.
example of solution of this issue: #11
(variable:
self._keep_alive_period
it is not solution for all cases)alternative solution -- create timeout in
aiohttp.server.ServerHttpProtocol
.(timeout is good way, but it may has own problems.)
thanks in advance! :-)
and sorry my bad english :(
The text was updated successfully, but these errors were encountered: