| author | Ruslan Ermilov <ru@nginx.com> | 2018-11-06 16:29:49 +0300 |
|---|---|---|
| committer | Ruslan Ermilov <ru@nginx.com> | 2018-11-06 16:29:49 +0300 |
| commit | b5802dbf51cf713f84c763180bc45069fb3bf320 (patch) | |
| tree | 9ed4b8c7bf4dd9508713994fba8ead78a3c8863a /src/stream/ngx_stream_variables.c | |
| parent | 65b2c00d624f17892c777f8fb5bb9c623cff5188 (diff) | |

HTTP/2: limit the number of idle state switches.

An attack that continuously switches HTTP/2 connection between
idle and active states can result in excessive CPU usage.
This is because when a connection switches to the idle state,
all of its memory pool caches are freed.

This change limits the maximum allowed number of idle state
switches to 10 * http2_max_requests (i.e., 10000 by default).
This limits possible CPU usage in one connection, and also
imposes a limit on the maximum lifetime of a connection.

Initially reported by Gal Goldshtein from F5 Networks.

Diffstat (limited to 'src/stream/ngx_stream_variables.c')
0 files changed, 0 insertions, 0 deletions
