auth web: make request/response timeout configurable

diff --git a/docs/http-api/index.rst b/docs/http-api/index.rst
index 256033f9f42cbb5acba4c8c7ecd7d3d43c69b67c..d2e56e7538d9f36e308ffb1709facdea893392d2 100644 (file)
--- a/docs/http-api/index.rst
+++ b/docs/http-api/index.rst
@@ -20,6 +20,7 @@ The following webserver related configuration items are available:
 * :ref:`setting-webserver-port`: Port to bind the webserver to.
 * :ref:`setting-webserver-allow-from`: Netmasks that are allowed to connect to the webserver
 * :ref:`setting-webserver-max-bodysize`: Maximum request/response body size in megabytes
+* :ref:`setting-webserver-connection-timeout`: Request/response timeout in seconds
 
 
 Metrics Endpoint

diff --git a/docs/settings.rst b/docs/settings.rst
index d1d37a30ecbb09b2276c5cf91abb95a874ed8214..620a4fbbbd0f7ff43320af1784ce6d62cafd45dc 100644 (file)
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -1953,6 +1953,17 @@ The value between the hooks is a UUID that is generated for each request. This c
 
 Maximum request/response body size in megabytes.
 
+.. _setting-webserver-connection-timeout:
+
+``webserver-connection-timeout``
+--------------------------------
+.. versionadded:: 4.8.5
+
+-  Integer
+-  Default: 5
+
+Request/response timeout in seconds.
+
 .. _setting-webserver-password:
 
 ``webserver-password``

diff --git a/pdns/auth-main.cc b/pdns/auth-main.cc
index f69bf6e20b56eeb1a8132dcc28757d3bbbb1fb24..c9b0542988cf42eb5411da7bd7f2dcd5ceb97bfd 100644 (file)
--- a/pdns/auth-main.cc
+++ b/pdns/auth-main.cc
@@ -242,6 +242,7 @@ static void declareArguments()
   ::arg().set("webserver-allow-from", "Webserver/API access is only allowed from these subnets") = "127.0.0.1,::1";
   ::arg().set("webserver-loglevel", "Amount of logging in the webserver (none, normal, detailed)") = "normal";
   ::arg().set("webserver-max-bodysize", "Webserver/API maximum request/response body size in megabytes") = "2";
+  ::arg().set("webserver-connection-timeout", "Webserver/API request/response timeout in seconds") = "5";
   ::arg().setSwitch("webserver-hash-plaintext-credentials", "Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime") = "no";
 
   ::arg().setSwitch("query-logging", "Hint backends that queries should be logged") = "no";

diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index 62ca90d4e122f5a612d7231a906c21c6daf52d34..98e8ca735f0eb4b9e8ce621f7b6119cd8a42a7ab 100644 (file)
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -530,7 +530,7 @@ void WebServer::serveConnection(const std::shared_ptr<Socket>& client) const {
     YaHTTP::AsyncRequestLoader yarl;
     yarl.initialize(&req);
     req.max_request_size=d_maxbodysize;
-    int timeout = 5;
+    int timeout = d_connectiontimeout;
     client->setNonBlocking();
 
     try {
@@ -598,7 +598,8 @@ WebServer::WebServer(string listenaddress, int port) :
   d_listenaddress(std::move(listenaddress)),
   d_port(port),
   d_server(nullptr),
-  d_maxbodysize(2*1024*1024)
+  d_maxbodysize(2*1024*1024),
+  d_connectiontimeout(5)
 {
 }
 

diff --git a/pdns/webserver.hh b/pdns/webserver.hh
index c75dd99ad09a52ffa6af653536573628101c1322..29f0ddefe07f7b2429a8c17ce58abea208f19f21 100644 (file)
--- a/pdns/webserver.hh
+++ b/pdns/webserver.hh
@@ -209,6 +209,10 @@ public:
     d_maxbodysize = s * 1024 * 1024;
   }
 
+  void setConnectionTimeout(int t) { // in seconds
+    d_connectiontimeout = t;
+  }
+
   void setACL(const NetmaskGroup &nmg) {
     d_acl = nmg;
   }
@@ -282,6 +286,7 @@ protected:
   std::unique_ptr<CredentialsHolder> d_webserverPassword{nullptr};
 
   ssize_t d_maxbodysize; // in bytes
+  int d_connectiontimeout; // in seconds
 
   NetmaskGroup d_acl;
 

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 27c50b651c0e5961ea51dfcbd7db888ba5c1ace3..d13e735a242dee5b7d3651334cb5e262ae71853e 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -80,6 +80,7 @@ AuthWebServer::AuthWebServer() :
     d_ws->setACL(acl);
 
     d_ws->setMaxBodySize(::arg().asNum("webserver-max-bodysize"));
+    d_ws->setConnectionTimeout(::arg().asNum("webserver-connection-timeout"));
 
     d_ws->bind();
   }