[MEDIUM] introduce "timeout http-request" in frontends In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. The client timeout cannot offer a good protection against this abuse because it is an inactivity timeout, which means that if the attacker sends one character every now and then, the timeout will not trigger. With the HTTP request timeout, no matter what speed the client types, the request will be aborted if it does not complete in time.

commit: 036fae0ec927ec9d60956ca8748cd3d203c11fe6 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Sun Jan 06 13:24:40 2008 +0100
committer: Willy Tarreau <w@1wt.eu> Sun Jan 06 13:24:40 2008 +0100
tree: 2870efdcefb5e150c70f4947f560acbe29d4742e
parent: a0250ba38da12775bcc829b13c063aa4e5e37b25 [diff] [blame]
diff --git a/include/types/proto_http.h b/include/types/proto_http.h
index c5e051e..6453061 100644
--- a/include/types/proto_http.h
+++ b/include/types/proto_http.h

@@ -241,6 +241,7 @@
 	char *srv_cookie;		/* cookie presented by the server, in capture mode */
 	int status;			/* HTTP status from the server, negative if from proxy */
 	unsigned int flags;             /* transaction flags */
+	struct timeval exp;             /* expiration date for the transaction (generally a request) */
 };
 
 /* This structure is used by http_find_header() to return values of headers.
commit	036fae0ec927ec9d60956ca8748cd3d203c11fe6	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Sun Jan 06 13:24:40 2008 +0100
committer	Willy Tarreau <w@1wt.eu>	Sun Jan 06 13:24:40 2008 +0100
tree	2870efdcefb5e150c70f4947f560acbe29d4742e
parent	a0250ba38da12775bcc829b13c063aa4e5e37b25 [diff] [blame]