108 }
109
110 // Create a HTTP server with the registered request handlers, using logrus for logging
111 server := http.Server{112 Handler: handler,
113 }
114
Slowloris is a type of denial of service (DoS) attack tool which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.
Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to but never completing the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool and eventually denying additional connection attempts from clients.
It is recommended to have a timeout for connections to prevent such attacks.
package main
import (
"fmt"
"time"
"net/http"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:])
})
server := &http.Server{
Addr: ":1234",
}
err := server.ListenAndServe()
if err != nil {
panic(err)
}
}
package main
import (
"fmt"
"time"
"net/http"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:])
})
server := &http.Server{
Addr: ":1234",
ReadHeaderTimeout: 3 * time.Second,
}
err := server.ListenAndServe()
if err != nil {
panic(err)
}
}