Hey,
just as reminder, limiting HTTP/2 connections to 1000 requests without
graceful shutdown via 2-stage GOAWAY is still an issue and while this
might work with browsers, you're going to break gRPC-based
microservices proxied via NGINX pretty badly, so you should either
implement graceful shutdown
Hey Valentin,
> This opens a vector for dos attack. There are some configurations
> when memory can be allocated from connection pool for each request.
> Removing a reasonable enough limit for requests per connection
> potentially allow an attacker to grow this pool until a worker
> process will
On четверг, 31 августа 2017 г. 0:55:21 MSK Piotr Sikora via nginx-devel wrote:
> # HG changeset patch
> # User Piotr Sikora
> # Date 1504129797 25200
> # Wed Aug 30 14:49:57 2017 -0700
> # Node ID 49b677bf2ae7ab92499766e8184ddcbf7a4233f9
> # Parent c7d4017c8876af6d8570e400320537d7d39e9578
>
# HG changeset patch
# User Piotr Sikora
# Date 1504129797 25200
# Wed Aug 30 14:49:57 2017 -0700
# Node ID 49b677bf2ae7ab92499766e8184ddcbf7a4233f9
# Parent c7d4017c8876af6d8570e400320537d7d39e9578
HTTP/2: don't limit number of requests per HTTP/2 connection.
Previous default limit (1000 r
