Lint / SEC: Add mitigation for slowloris DoS attack vector

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-09-18 17:52:54 +00:00 · 2022-09-06 00:35:40 +02:00 · 2022-09-06 00:35:40 +02:00 · 6210646351
commit 6210646351
parent e259ca209c
1 changed files with 8 additions and 1 deletions
--- a/main.go
+++ b/main.go
@ -32,6 +32,8 @@ const (
 	initialIRCRetryBackoff    = 500 * time.Millisecond
 	ircRetryBackoffMultiplier = 1.5
 	maxIRCRetryBackoff        = time.Minute
+
+	httpReadHeaderTimeout = 5 * time.Second
 )

 var (
@ -252,7 +254,12 @@ func main() {
 			log.WithError(err).Fatal("Unable to open http_listen port")
 		}

-		go http.Serve(listener, router)
+		server := &http.Server{
+			ReadHeaderTimeout: httpReadHeaderTimeout, // gosec: G114 - Mitigate "slowloris" DoS attack vector
+			Handler:           router,
+		}
+
+		go server.Serve(listener)
 		log.WithField("address", listener.Addr().String()).Info("HTTP server started")

 		checkExternalHTTP()