On Tue, 10 Oct 2023 at 20:22, Willy Tarreau <w...@1wt.eu> wrote: > > So at this point I'm still failing to find any case where this attack > hurts haproxy more than any of the benchmarks we're routinely inflicting > it, given that it acts exactly like a client configured with a short > timeout (e.g. if you configure haproxy with "timeout server 1" and > have an h2 server, you will basically get the same traffic pattern).
This is pretty much the situation with nginx as well: https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Lukas