mirror of
https://github.com/Luzifer/twitch-bot.git
synced 2024-12-20 11:51:17 +00:00
Lint / SEC: Add mitigation for slowloris DoS attack vector
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
e259ca209c
commit
6210646351
1 changed files with 8 additions and 1 deletions
9
main.go
9
main.go
|
@ -32,6 +32,8 @@ const (
|
|||
initialIRCRetryBackoff = 500 * time.Millisecond
|
||||
ircRetryBackoffMultiplier = 1.5
|
||||
maxIRCRetryBackoff = time.Minute
|
||||
|
||||
httpReadHeaderTimeout = 5 * time.Second
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -252,7 +254,12 @@ func main() {
|
|||
log.WithError(err).Fatal("Unable to open http_listen port")
|
||||
}
|
||||
|
||||
go http.Serve(listener, router)
|
||||
server := &http.Server{
|
||||
ReadHeaderTimeout: httpReadHeaderTimeout, // gosec: G114 - Mitigate "slowloris" DoS attack vector
|
||||
Handler: router,
|
||||
}
|
||||
|
||||
go server.Serve(listener)
|
||||
log.WithField("address", listener.Addr().String()).Info("HTTP server started")
|
||||
|
||||
checkExternalHTTP()
|
||||
|
|
Loading…
Reference in a new issue