]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 03a557a) | patch
Make max number of HTTP/2 streams configurable
authorArtem Boldariev <artem@boldariev.com>
Tue, 18 May 2021 09:03:58 +0000 (12:03 +0300)
committerArtem Boldariev <artem@boldariev.com>
Fri, 16 Jul 2021 08:50:22 +0000 (11:50 +0300)
commit590e8e0b86492cd251ffac99c5d790d230d85535
treeab06a1c32b80e39fb81010408c95f8c840c12773tree | snapshot
parent03a557a9bbfb1ef930620d73ae8c0c6c763088becommit | diff
Make max number of HTTP/2 streams configurable

This commit makes number of concurrent HTTP/2 streams per connection
configurable as a mean to fight DDoS attacks. As soon as the limit is
reached, BIND terminates the whole session.

The commit adds a global configuration
option (http-streams-per-connection) which can be overridden in an
http <name> {...} statement like follows:

http local-http-server {
    ...
    streams-per-connection 100;
    ...
};

For now the default value is 100, which should be enough (e.g. NGINX
uses 128, but it is a full-featured WEB-server). When using lower
numbers (e.g. ~70), it is possible to hit the limit with
e.g. flamethrower.
13 files changed:
bin/named/config.c diff | blob | blame | history
bin/named/include/named/globals.h diff | blob | blame | history
bin/named/server.c diff | blob | blame | history
bin/tests/system/checkconf/good-doh-1.conf diff | blob | blame | history
bin/tests/test_server.c diff | blob | blame | history
lib/isc/include/isc/netmgr.h diff | blob | blame | history
lib/isc/netmgr/http.c diff | blob | blame | history
lib/isc/netmgr/netmgr-int.h diff | blob | blame | history
lib/isc/tests/doh_test.c diff | blob | blame | history
lib/isccfg/namedconf.c diff | blob | blame | history
lib/ns/include/ns/listenlist.h diff | blob | blame | history
lib/ns/interfacemgr.c diff | blob | blame | history
lib/ns/listenlist.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git