You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Wouldn't this check be more correct to alert when ReadTimeout == 0 and ReadHeaderTimeout == 0?
// (snip) If ReadHeaderTimeout// is zero, the value of ReadTimeout is used. If both are// zero, there is no timeout.ReadHeaderTimeout [time](https://pkg.go.dev/time).[Duration](https://pkg.go.dev/time#Duration)
Summary
Add rule which should detect if
ReadHeaderTimeout
is configured in thehttp.Server
. This should prevent a Slowloris Attack. See more details at https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6.The text was updated successfully, but these errors were encountered: