Hey Valentin,

> This opens a vector for DoS attack. There are some configurations
> when memory can be allocated from connection pool for each request.
> Removing a reasonable enough limit for requests per connection
> potentially allows an attacker to grow this pool until a worker
> process will be killed due to OOM.
>
> The problem should be solved by introducing "lingering close",
> similar to HTTP/1.x.

Yes, the proper solution is graceful shutdown via 2-stage GOAWAY, as defined in RFC 7540, Section 6.8, but I don't have capacity to work on it now, and the above patch is IMHO better than lost requests.

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
http://mailman.nginx.org/mailman/listinfo/nginx-devel
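
The two-stage GOAWAY shutdown from RFC 7540, Section 6.8 that the reply refers to, as an added example that is not part of the original message and is not nginx code. The `h2_conn` struct and the function names are hypothetical, and the caller is assumed to run a timer of at least one round trip between the two stages.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define H2_GOAWAY     0x7
#define H2_NO_ERROR   0x0
#define H2_MAX_STREAM 0x7fffffffu            /* 2^31-1 */

typedef struct {                             /* hypothetical per-connection state */
    uint32_t last_sid, final_sid;            /* highest stream seen / promised */
    uint32_t requests, max_requests;         /* per-connection request limit */
    int stage;                               /* 0 open, 1 first GOAWAY, 2 final */
} h2_conn;

static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
/* 9-byte frame header + 8-byte payload (last stream id, error code). */
size_t h2_goaway(uint8_t out[17], uint32_t last_sid, uint32_t err) {
    out[0] = 0; out[1] = 0; out[2] = 8;      /* payload length */
    out[3] = H2_GOAWAY; out[4] = 0;          /* type, flags */
    put32(out + 5, 0);                       /* stream 0: connection-level */
    put32(out + 9, last_sid & H2_MAX_STREAM);
    put32(out + 13, err);
    return 17;
}
/* Client opened stream `sid`. Returns 1 if it is processed, 0 if ignored. */
int h2_on_new_stream(h2_conn *c, uint32_t sid, uint8_t out[17], size_t *n) {
    *n = 0;
    if (c->stage == 2 && sid > c->final_sid) return 0; /* client may retry it */
    c->last_sid = sid;
    if (++c->requests >= c->max_requests && c->stage == 0) {
        c->stage = 1;                        /* stage 1: warn, refuse nothing yet */
        *n = h2_goaway(out, H2_MAX_STREAM, H2_NO_ERROR);
    }
    return 1;
}
/* Stage 2: call from a timer at least one round trip after stage 1. */
size_t h2_finish_shutdown(h2_conn *c, uint8_t out[17]) {
    c->final_sid = c->last_sid;              /* streams above this are dropped */
    c->stage = 2;
    return h2_goaway(out, c->final_sid, H2_NO_ERROR);
}
int main(void) {
    h2_conn c = { .max_requests = 2 };
    uint8_t f[17]; size_t n;
    uint32_t sids[] = { 1, 3, 5 };           /* constructed: 5 is in flight at stage 1 */
    for (int i = 0; i < 3; i++) h2_on_new_stream(&c, sids[i], f, &n);
    h2_finish_shutdown(&c, f);
    printf("final last-stream-id=%u, stream 7 processed=%d\n",
           (unsigned)c.final_sid, h2_on_new_stream(&c, 7, f, &n));
    return 0;
}
```

The stage-2 timer is what bounds how many extra streams (and how much pool memory) a client can add after the limit is reached, while stream 5 in the sample is still served instead of being lost.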
