feat(server): add 30s connection timeout to prevent slow-client thread exhaustion (#198)
Set Handler.timeout = 30. Python's BaseHTTPRequestHandler.setup() calls self.request.settimeout(timeout), which raises socket.timeout on idle or slow connections after the configured duration. This defends against Slowloris-style attacks where a client holds connections open indefinitely, exhausting threads in ThreadingHTTPServer. Also recovers threads from crashed clients with hung TCP connections. Addresses #194.
This commit is contained in:
Cyprian Kowalczyk
committed by
GitHub
GitHub
parent
4d68fb31d4
commit
04678b7b6e
@@ -15,6 +15,7 @@ from api.routes import handle_get, handle_post
|
||||
|
||||
|
||||
class Handler(BaseHTTPRequestHandler):
|
||||
timeout = 30 # seconds — kills idle/incomplete connections to prevent thread exhaustion
|
||||
server_version = 'HermesWebUI/0.2'
|
||||
def log_message(self, fmt, *args): pass # suppress default Apache-style log
|
||||
|
||||
|
||||
Reference in New Issue
Block a user