Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

web server readTimeout is ineffective #2832

Closed
linliyuan opened this issue Aug 3, 2023 · 3 comments
Closed

web server readTimeout is ineffective #2832

linliyuan opened this issue Aug 3, 2023 · 3 comments
Labels
bug It is confirmed a bug, but don't worry, we'll handle it. done This issue is done, which may be release in next version.

Comments

@linliyuan
Copy link

linliyuan commented Aug 3, 2023
edited by gqcn
Loading

1. What version of Go and system type/arch are you using?

go 1.19

2. What version of GoFrame are you using?

v2.2.2

3. Can this issue be re-produced with the latest release?

yes

4. What did you do?

this my server config

server:
  address: ":8100"
  openapiPath: "/api.json"
  swaggerPath: "/api/swagger"
  readTimeout: "5s"

5. What did you expect to see?

control server is cancel when process over 60s

6. What did you see instead?

http server is over 60s,how to use server param ’readTimeout‘
@linliyuan
Copy link
Author

Because this?
Then over time process how to cancel?

image

@gqcn gqcn added bug It is confirmed a bug, but don't worry, we'll handle it. done This issue is done, which may be release in next version. labels Oct 7, 2023
@gqcn
Copy link
Member

gqcn commented Oct 7, 2023

@linliyuan Please try the latest version. If this issue persists, try submitting a new issue.

@gqcn gqcn closed this as completed Oct 7, 2023
@linliyuan
Copy link
Author

@linliyuan Please try the latest version. If this issue persists, try submitting a new issue.

It seems that GF doesn't have any server-side timeout control. If a large number of long-time running requests are triggered, it can easily lead to a DDos attack. Moreover, even if the client has disconnected the request, the server will still complete the execution, which makes it even easier for the server to be attacked by DDos. How do you view this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug It is confirmed a bug, but don't worry, we'll handle it. done This issue is done, which may be release in next version.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gqcn @linliyuan