diff options
author | Igor Drozdov <idrozdov@gitlab.com> | 2022-05-19 13:10:14 +0400 |
---|---|---|
committer | Igor Drozdov <idrozdov@gitlab.com> | 2022-05-19 18:53:08 +0400 |
commit | 5b94726b822b52ffe256820df1a24307b2e2072f (patch) | |
tree | c069f3096f02b441b4a7802bf4998cd98ae4c9c0 /internal/sshd | |
parent | cbce19dac2b5033e6b969b3e82ec6aad2e247757 (diff) | |
download | gitlab-shell-5b94726b822b52ffe256820df1a24307b2e2072f.tar.gz |
Make ProxyHeaderTimeout configurable
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576
ProxyHeaderTimeout must be small to avoid DoS risk
Let's make the value configurable and 500ms by default
Diffstat (limited to 'internal/sshd')
-rw-r--r-- | internal/sshd/sshd.go | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/internal/sshd/sshd.go b/internal/sshd/sshd.go index a9cd302..4d4d6d5 100644 --- a/internal/sshd/sshd.go +++ b/internal/sshd/sshd.go @@ -26,7 +26,6 @@ const ( StatusReady StatusOnShutdown StatusClosed - ProxyHeaderTimeout = 90 * time.Second ) type Server struct { @@ -97,7 +96,7 @@ func (s *Server) listen(ctx context.Context) error { sshListener = &proxyproto.Listener{ Listener: sshListener, Policy: s.requirePolicy, - ReadHeaderTimeout: ProxyHeaderTimeout, + ReadHeaderTimeout: time.Duration(s.Config.Server.ProxyHeaderTimeout), } log.ContextLogger(ctx).Info("Proxy protocol is enabled") |