You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I guess what I'm looking for is something like client_request_timeout. However, it seems that the timeout requires that the client starts sending the headers for the first request. What happens if the client does not send any headers at all?
I've created a sample repo to reproduce the setup described above:
Sends a slow request. "Slow" means headers are sent one byte at a time, waiting 1 second between bytes. I want to force a timeout for sending the headers on the server.
This is the output:
Connected to the server: http://127.0.0.1:3000!
Sleeping 15 seconds ...
New request ...
Response OK: 107 bytes
HTTP/1.1 408 Request Timeout
content-length: 0
connection: close
date: Wed, 17 Apr 2024 17:18:43 GMT
New request ...
thread 'main' panicked at examples/client.rs:53:10:
Failed to write to stream: Os { code: 32, kind: BrokenPipe, message: "Broken pipe" }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Despite waiting 15 seconds before sending the first request, the server doesn't close the connection. The client receives a HTTP/1.1 408 Request Timeout for the first request. However, I would expect the connection to be closed.
I guess, two things are happening (I would like to confirm that):
ActixWeb does not close the connection if the client does not send any request. It closes the connection after receiving the first request if receiving the first request takes longer than the timeout (default to 5 minutes),
If point 1 is true ActixWeb does not mitigate the Slowloris DoS Attack.
On the other hand, when I use telnet instead of my example, it seems to work as I expect. If I set a client_request_timeout to 5 seconds:
use std::time::Duration;use actix_web::{web,App,HttpResponse,HttpServer,Responder};asyncfnhello() -> implResponder{println!("New request ...");HttpResponse::Ok().body("Hello world!")}#[actix_web::main]asyncfnmain() -> std::io::Result<()>{println!("Starting server on: http://127.0.0.1:3000 ...");// DevSkim: ignore DS137138HttpServer::new(|| App::new().route("/", web::get().to(hello))).bind(("127.0.0.1",3000))?
.client_request_timeout(Duration::from_secs(5)).run().await}
When I use telnet:
$ telnet localhost 3000Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.HTTP/1.1 408 Request Timeoutcontent-length: 0connection: closedate: Fri, 19 Apr 2024 06:14:18 GMTConnection closed by foreign host.
After 5 seconds, the connection is closed, and I receive the HTTP/1.1 408 Request Timeout.
I can even make a request by sending these headers:
GET / HTTP/1.1
Host: localhost
And after 5 seconds of not sending any request, the connection is closed, and I receive the HTTP/1.1 408 Request Timeout.
How can I receive the HTTP/1.1 408 Request Timeout if I'm not sending any requests?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Relates to: tokio-rs/axum#2716
Does ActixWeb close a connection if the client sends no requests after opening the connection?
I want to know if there is a timeout for this case:
I've seen 4 options in the configuration:
https://docs.rs/actix-web/latest/actix_web/struct.HttpServer.html#method.client_request_timeout
I guess what I'm looking for is something like client_request_timeout. However, it seems that the timeout requires that the client starts sending the headers for the first request. What happens if the client does not send any headers at all?
I've created a sample repo to reproduce the setup described above:
https://github.com/josecelano/axum-server-timeout
The client:
This is the output:
Despite waiting 15 seconds before sending the first request, the server doesn't close the connection. The client receives a
HTTP/1.1 408 Request Timeout
for the first request. However, I would expect the connection to be closed.I guess, two things are happening (I would like to confirm that):
On the other hand, when I use telnet instead of my example, it seems to work as I expect. If I set a
client_request_timeout
to 5 seconds:When I use telnet:
After 5 seconds, the connection is closed, and I receive the
HTTP/1.1 408 Request Timeout
.I can even make a request by sending these headers:
And after 5 seconds of not sending any request, the connection is closed, and I receive the
HTTP/1.1 408 Request Timeout
.How can I receive the
HTTP/1.1 408 Request Timeout
if I'm not sending any requests?Beta Was this translation helpful? Give feedback.
All reactions