New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

h2: Add a rate limit facility for h/2 RST handling ("Rapid reset" mitigation) #3997

Merged

daghf merged 3 commits into varnishcache:master from daghf:h2_rst_allowance

Oct 17, 2023

Commits on Oct 17, 2023

h2: Add a rate limit facility for h/2 RST handling
```
This adds parameters h2_rst_allowance and h2_rst_allowance_period,
which govern the rate of which we allow clients to reset h/2 streams.

If the limit is exceeded the connection is closed.

Mitigates: varnishcache#3996
```
daghf committed Oct 17, 2023
Configuration menu
View commit details

Copy full SHA for a6a5cd5

Browse repository at this point
Copy the full SHA

a6a5cd5 View commit details

Browse the repository at this point in the history
Introduce RAPID_RESET as a sess_close reason

daghf committed Oct 17, 2023
Configuration menu
View commit details

Copy full SHA for 7236bc0

Browse repository at this point
Copy the full SHA

7236bc0 View commit details

Browse the repository at this point in the history
Add param h2_rapid_reset
```
Only RST frames received earlier than this duration will be considered
rapid.
```
daghf committed Oct 17, 2023
Configuration menu
View commit details

Copy full SHA for e5c5abf

Browse repository at this point
Copy the full SHA

e5c5abf View commit details

Browse the repository at this point in the history