mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-09 04:18:50 +03:00
f49e0c9b56
Timeouts are important for mitigating slowloris, yes. But after a number of complaints and seeing that default timeouts are a sore point of confusion, we're disabling them now. However, the code that sets default timeouts remains intact; the defaults are just the zero value. While Caddy aims to be secure by default, Caddy also aims to serve a worldwide audience. Even my own internet here in Utah is poor at times, with bad WiFi signal, causing some connections to take over 10s to be established. Many use the Internet while commuting on slower connection speeds. Latency across country borders is another concern. As such, disabling default timeouts will serve a greater population of users than enabling them, as slowloris is easy to mitigate and does not seem to be reported often (I've only seen it once). It's also very difficult sometimes to distinguish slowloris from genuine slow networks. That decision is best left to the site owner for now. |
||
|---|---|---|
| .. | ||
| condition.go | ||
| condition_test.go | ||
| context.go | ||
| context_test.go | ||
| error.go | ||
| https.go | ||
| https_test.go | ||
| logger.go | ||
| logger_test.go | ||
| middleware.go | ||
| middleware_test.go | ||
| mitm.go | ||
| mitm_test.go | ||
| path.go | ||
| pathcleaner.go | ||
| pathcleaner_test.go | ||
| plugin.go | ||
| plugin_test.go | ||
| recorder.go | ||
| recorder_test.go | ||
| replacer.go | ||
| replacer_test.go | ||
| roller.go | ||
| server.go | ||
| server_test.go | ||
| siteconfig.go | ||
| vhosttrie.go | ||
| vhosttrie_test.go | ||