feat(config): support large uploads with read header timeout
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m40s
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m40s
Disable default read and write timeouts (set to 0s) to prevent Go from prematurely closing connections during large multi-GB uploads. Introduce `WARPBOX_READ_HEADER_TIMEOUT` (defaulting to 15s) to protect against slowloris-style attacks while still allowing long-running uploads to complete. Update documentation and example configurations accordingly.
This commit is contained in:
@@ -54,6 +54,24 @@ network edge, or set it to a value that does not include public clients. Direct
|
||||
public exposure is not recommended; use a reverse proxy for TLS and request
|
||||
normalization.
|
||||
|
||||
## Large Uploads
|
||||
|
||||
Multi-GB uploads must not use whole-body read/write deadlines. Keep these
|
||||
Warpbox values for production unless you intentionally want a hard wall-clock
|
||||
upload limit:
|
||||
|
||||
```env
|
||||
WARPBOX_READ_HEADER_TIMEOUT=15s
|
||||
WARPBOX_READ_TIMEOUT=0s
|
||||
WARPBOX_WRITE_TIMEOUT=0s
|
||||
```
|
||||
|
||||
`WARPBOX_READ_HEADER_TIMEOUT` protects request headers. `WARPBOX_READ_TIMEOUT`
|
||||
and `WARPBOX_WRITE_TIMEOUT` cover the whole upload/response lifetime in Go, so
|
||||
small values can cause browser errors such as `NS_ERROR_NET_INTERRUPT` during
|
||||
large transfers. Upload size, daily, storage, and box limits still enforce abuse
|
||||
controls independently of these timeout values.
|
||||
|
||||
## Ban Behavior
|
||||
|
||||
Active bans return:
|
||||
|
||||
Reference in New Issue
Block a user