Skip to content

Is workerd intended to be resilient in the face of untrusted HTTP clients? #1238

Answered by kentonv
isker asked this question in Q&A
Discussion options

You must be logged in to vote

Yes, workerd is intended to be able to handle malicious direct clients. That said, in Cloudflare's production usage, it does not do so -- workerd sits behind Cloudflare's usual proxy stack which is probably more hardened. workerd's HTTP implementation comes from KJ, a library bundled with Cap'n Proto, which I personally wrote. It is admittedly not widely used outside of Cloudflare Workers.

workerd uses an event-driven architecture where the resources allocated to each connection are fairly minimal, so it should have no problem with "slow loris" attacks. That said, the application must play a part in this too: if the application allocates a large amount of state before fully reading the re…

Replies: 1 comment 3 replies

Comment options

You must be logged in to vote
3 replies
@isker
Comment options

@kentonv
Comment options

@isker
Comment options

Answer selected by isker
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants