From 222fa42ee0bf8674bb2b2ec639ed2fdcf8b02763 Mon Sep 17 00:00:00 2001 From: Jose Celano Date: Fri, 5 Jul 2024 11:33:24 +0100 Subject: [PATCH] feat: disable TimeoutAcceptor when TSL is enabled The TimeoutAcceptor es a custom acceptor for Axum that sets a timeput for making a request after openning a connection. It does not work when TSL is enabled. This commit disables it, therefore the app does not have any way to avoid a DDos attacks where clients just open connections without making any request. --- src/servers/apis/server.rs | 4 +++- src/servers/http/server.rs | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/servers/apis/server.rs b/src/servers/apis/server.rs index 39a68a85..40c4d077 100644 --- a/src/servers/apis/server.rs +++ b/src/servers/apis/server.rs @@ -239,7 +239,9 @@ impl Launcher { match tls { Some(tls) => custom_axum_server::from_tcp_rustls_with_timeouts(socket, tls) .handle(handle) - .acceptor(TimeoutAcceptor) + // The TimeoutAcceptor is commented because TSL does not work with it. + // See: https://github.com/torrust/torrust-index/issues/204#issuecomment-2115529214 + //.acceptor(TimeoutAcceptor) .serve(router.into_make_service_with_connect_info::()) .await .expect("Axum server for tracker API crashed."), diff --git a/src/servers/http/server.rs b/src/servers/http/server.rs index faedaf92..4a6dccc6 100644 --- a/src/servers/http/server.rs +++ b/src/servers/http/server.rs @@ -65,7 +65,9 @@ impl Launcher { match tls { Some(tls) => custom_axum_server::from_tcp_rustls_with_timeouts(socket, tls) .handle(handle) - .acceptor(TimeoutAcceptor) + // The TimeoutAcceptor is commented because TSL does not work with it. + // See: https://github.com/torrust/torrust-index/issues/204#issuecomment-2115529214 + //.acceptor(TimeoutAcceptor) .serve(app.into_make_service_with_connect_info::()) .await .expect("Axum server crashed."),