3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-03 08:50:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

envoy: disable idle timeouts to controlplane (#1000)

Browse source 
* envoy: disable idle timeouts to controlplane to support streaming requests

* envoy: add request timeout for attack mitigation
This commit is contained in:
Travis Groth 2020-06-25 13:14:24 -04:00 committed by GitHub
parent b3ee4f534e
commit 917d8ec61b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
internal/controlplane/xds_listeners.go
View file

@ -289,6 +289,10 @@ func buildGRPCHTTPConnectionManagerFilter() *envoy_config_listener_v3.Filter {
tc, _ := ptypes.MarshalAny(&envoy_http_connection_manager.HttpConnectionManager{
CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO,
StatPrefix: "grpc_ingress",
// limit request first byte to last byte time
RequestTimeout: &durationpb.Duration{
Seconds: 15,
},
RouteSpecifier: &envoy_http_connection_manager.HttpConnectionManager_RouteConfig{
RouteConfig: buildRouteConfiguration("grpc", []*envoy_config_route_v3.VirtualHost{{
Name: "grpc",
@ -308,6 +312,9 @@ func buildGRPCHTTPConnectionManagerFilter() *envoy_config_listener_v3.Filter {
Timeout: &durationpb.Duration{
Seconds: 0,
},
IdleTimeout: &durationpb.Duration{
Seconds: 0,
},
},
},
}},