Fix H2 IWS=0 and HTTP/1 slow-read response-body buffering DoS.

HTTP/2 INITIAL_WINDOW_SIZE=0 attack: a client advertising a zero send
window causes ATS to fetch origin responses that it cannot forward,
allowing unbounded response-body accumulation in IOBuffers.

For HTTP/2, add a per-stream _send_buffer_full flag. When
send_a_data_frame() returns NO_WINDOW, the flag is set and
update_write_request() skips future send attempts, preventing the
origin read VIO from being re-enabled. The flag is cleared in
restart_sending() when a WINDOW_UPDATE opens the peer window.
Measured buffer per stream: ~86 KB vs 100 MB origin body.

For HTTP/1, enable HttpTunnel flow control by default (high_water=32 MB,
low_water=8 MB). TCP backpressure already naturally limits per-stream
buffering to ~150 KB, and the application-level watermarks add a
defense-in-depth cap. Measured buffer per stream: ~148 KB vs 100 MB.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
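The HTTP/2 per-stream backpressure the commit message describes, as an added model written for this page (not Apache Traffic Server's code): with a zero peer window, the fixed path sets the flag on NO_WINDOW and leaves the origin read disabled until WINDOW_UPDATE, so buffered bytes stay bounded by one read chunk, while the pre-fix path keeps reading and the whole body accumulates. Method names mirror the message; the 16 KiB frame limit, body size and chunk size are constructed for the simulation.

```cpp
// Model of the per-stream send path (added example, not ATS code; sizes are constructed).
#include <algorithm>
#include <cstddef>
#include <cstdint>
enum class SendResult { SENT, NO_WINDOW };

struct H2StreamModel {
    int64_t peer_window;               // bytes the peer currently lets us send
    bool    use_fix;                   // false models the code before the fix
    bool    send_buffer_full = false;  // per-stream flag the fix adds
    size_t  buffered = 0;              // origin bytes held in the stream's IOBuffer
    size_t  forwarded = 0;             // bytes already emitted as DATA frames
    size_t  peak_buffered = 0;         // worst buffer occupancy observed
    H2StreamModel(int64_t window, bool fix) : peer_window(window), use_fix(fix) {}
    SendResult send_a_data_frame() {  // one DATA frame of at most 16 KiB
        if (peer_window <= 0) return SendResult::NO_WINDOW;
        size_t n = std::min<size_t>({buffered, size_t{16384}, size_t(peer_window)});
        buffered -= n; forwarded += n; peer_window -= n;
        return SendResult::SENT;
    }
    // Drain what the window allows; returns whether the origin read VIO may be
    // re-enabled. Pre-fix code re-enabled it even after NO_WINDOW.
    bool update_write_request() {
        if (use_fix && send_buffer_full) return false;  // skip until WINDOW_UPDATE
        while (buffered > 0) {
            if (send_a_data_frame() == SendResult::NO_WINDOW) {
                if (use_fix) send_buffer_full = true;
                return !use_fix;
            }
        }
        return true;
    }
    bool restart_sending(int64_t increment) {  // peer sent WINDOW_UPDATE
        peer_window += increment; send_buffer_full = false;
        return update_write_request();
    }
    bool on_origin_data(size_t n) {  // origin delivered n bytes into the buffer
        buffered += n; peak_buffered = std::max(peak_buffered, buffered);
        return update_write_request();
    }
};

// Feed `body` origin bytes in `chunk`-sized reads while the read VIO stays enabled;
// returns how many body bytes were never read from the origin.
size_t deliver_body(H2StreamModel &s, size_t body, size_t chunk) {
    while (body > 0) {
        size_t n = std::min(body, chunk);
        body -= n;
        if (!s.on_origin_data(n)) break;
    }
    return body;
}
```

Running the two models against the same body shows the pre-fix stream buffering the entire response with nothing forwarded, and the fixed stream holding at most one chunk until the peer reopens its window.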