Skip to content

Latest commit

 

History

History
111 lines (75 loc) · 12.3 KB

mitigations.md

File metadata and controls

111 lines (75 loc) · 12.3 KB

Mitigation Strategies Analysis for valyala/fasthttp

Mitigation Strategy: Implement Request Rate Limiting and Throttling using fasthttp.Server Options

Mitigation Strategy: Implement Request Rate Limiting and Throttling using fasthttp.Server Options

  • Description:

    • Step 1: Configure MaxRequestsPerConn: Set the MaxRequestsPerConn option in the fasthttp.Server configuration. This limits the number of requests a single persistent connection will handle before being closed, encouraging clients to establish new connections and preventing connection monopolization.
    • Step 2: Configure MaxConnsPerIP: Set the MaxConnsPerIP option in the fasthttp.Server configuration. This limits the maximum number of concurrent connections allowed from a single IP address. This is crucial for mitigating DoS attacks originating from a single source.
    • Step 3: Choose Appropriate Values: Carefully select values for MaxRequestsPerConn and MaxConnsPerIP based on your application's expected traffic patterns and resource capacity. Start with conservative values and adjust based on monitoring and load testing.
    • Step 4: Monitor Connection Metrics: Monitor metrics related to connection counts and rejected connections to ensure the configured limits are effective and not negatively impacting legitimate users.

  • Threats Mitigated:

    • Denial of Service (DoS) Attacks (High Severity): By limiting request rates and connections per IP, fasthttp options directly mitigate volumetric DoS attacks, preventing server overload and service disruption.
    • Connection Exhaustion (Medium Severity): Prevents a single client or IP from monopolizing server connections, ensuring fair resource allocation and preventing connection exhaustion for other clients.

  • Impact:

    • Denial of Service (DoS) Attacks: High Risk Reduction: Significantly reduces the effectiveness of volumetric DoS attacks by limiting request sources.
    • Connection Exhaustion: Medium Risk Reduction: Prevents connection exhaustion and improves server availability under heavy load or attack.

  • Currently Implemented: Partial - MaxConnsPerIP and MaxRequestsPerConn are set in server/server.go, but the values might need review and adjustment based on traffic analysis and load testing.

  • Missing Implementation: Dynamic adjustment of these values based on real-time traffic monitoring is not implemented. Consider making these values configurable via environment variables or configuration files for easier adjustment and potentially implementing adaptive rate limiting based on server load.

Mitigation Strategy: Set Request Size Limits using fasthttp.Server Options

Mitigation Strategy: Set Request Size Limits using fasthttp.Server Options

  • Description:

    • Step 1: Configure MaxRequestBodySize: Set the MaxRequestBodySize option in the fasthttp.Server configuration. This option directly limits the maximum size of the request body that the server will accept. Choose a value appropriate for your application's expected request body sizes, considering file uploads and data payloads.
    • Step 2: Configure MaxRequestHeaderSize: Set the MaxRequestHeaderSize option in the fasthttp.Server configuration. This limits the maximum size of the request headers. This helps prevent attacks that send excessively large headers and also indirectly limits the number of headers.
    • Step 3: Return 413 Payload Too Large Automatically: fasthttp automatically returns a 413 Payload Too Large error when MaxRequestBodySize is exceeded. Ensure your application handles this error gracefully on the client-side if necessary.

  • Threats Mitigated:

    • Denial of Service (DoS) via Large Requests (High Severity): Prevents attackers from sending extremely large requests that can consume excessive server memory and bandwidth, leading to DoS. fasthttp's size limits directly address this.
    • Buffer Overflow Vulnerabilities (Low Severity): While less likely in Go, setting size limits provides a defense-in-depth measure against potential buffer overflow vulnerabilities that might arise from processing excessively large inputs.

  • Impact:

    • Denial of Service (DoS) via Large Requests: High Risk Reduction: Effectively prevents DoS attacks based on sending oversized requests by leveraging fasthttp's built-in limits.
    • Buffer Overflow Vulnerabilities: Low Risk Reduction: Provides a minor defense-in-depth measure.

  • Currently Implemented: Yes - MaxRequestBodySize and MaxRequestHeaderSize are configured in server/server.go.

  • Missing Implementation: Review and potentially adjust MaxRequestBodySize and MaxRequestHeaderSize based on application requirements and performance testing. Consider making these values configurable for different environments.

Mitigation Strategy: Implement Request Timeouts using fasthttp.Server and fasthttp.Client Options

Mitigation Strategy: Implement Request Timeouts using fasthttp.Server and fasthttp.Client Options

  • Description:

    • Step 1: Configure ReadTimeout in fasthttp.Server: Set the ReadTimeout option in fasthttp.Server. This defines the maximum duration the server will wait for the entire request to be received from the client. This prevents the server from being held up by slow or stalled clients.
    • Step 2: Configure WriteTimeout in fasthttp.Server: Set the WriteTimeout option in fasthttp.Server. This defines the maximum duration the server will wait to send the entire response to the client. This prevents the server from being blocked if the client is slow to receive data or disconnects unexpectedly.
    • Step 3: Configure Timeouts in fasthttp.Client for Upstream Requests: If your application makes outgoing HTTP requests using fasthttp.Client, configure DialTimeout, ReadTimeout, and WriteTimeout options for the client. This prevents your application from being blocked by slow or unresponsive upstream services.
    • Step 4: Choose Appropriate Timeout Values: Select timeout values that are long enough to accommodate legitimate requests but short enough to prevent resource exhaustion from slow or malicious clients.

  • Threats Mitigated:

    • Slowloris and Slow Read/Write DoS Attacks (High Severity): fasthttp's timeout options effectively mitigate slowloris-style attacks by closing connections that are slow to send requests or receive responses.
    • Resource Exhaustion due to Stalled Connections (Medium Severity): Prevents server resources from being tied up indefinitely by clients that become unresponsive or have slow network connections, leveraging fasthttp's connection management.
    • Upstream Service Dependencies Issues (Medium Severity): fasthttp.Client timeouts prevent cascading failures and resource exhaustion when dependent upstream services become slow or unavailable.

  • Impact:

    • Slowloris and Slow Read/Write DoS Attacks: High Risk Reduction: Effectively prevents these types of DoS attacks by utilizing fasthttp's timeout mechanisms.
    • Resource Exhaustion due to Stalled Connections: Medium Risk Reduction: Improves server resilience and prevents resource exhaustion by automatically closing stalled connections.
    • Upstream Service Dependencies Issues: Medium Risk Reduction: Enhances application robustness when interacting with external services.

  • Currently Implemented: Yes - ReadTimeout and WriteTimeout are set in server/server.go.

  • Missing Implementation: Upstream connection timeouts for fasthttp.Client are not explicitly configured and should be added. Consider making timeout values configurable for different environments and services.

Mitigation Strategy: Control Concurrency using fasthttp.Server Options

Mitigation Strategy: Control Concurrency using fasthttp.Server Options

  • Description:

    • Step 1: Configure Concurrency: Set the Concurrency option in fasthttp.Server. This option limits the maximum number of concurrent request handlers (goroutines) that fasthttp will use. This directly controls the server's concurrency level and prevents excessive goroutine creation, which can lead to resource exhaustion.
    • Step 2: Choose Appropriate Concurrency Value: Select a Concurrency value that is appropriate for your server's resources (CPU, memory) and expected workload. Too low a value might limit throughput, while too high a value could lead to resource contention.
    • Step 3: Monitor Server Performance: Monitor server performance metrics (CPU utilization, memory usage, latency) under load to determine the optimal Concurrency value.

  • Threats Mitigated:

    • Resource Exhaustion due to Excessive Concurrency (Medium Severity): By limiting concurrency, fasthttp's Concurrency option prevents resource exhaustion (CPU, memory) that can occur when handling a very large number of concurrent requests, whether legitimate or malicious.
    • DoS Amplification (Low Severity): In extreme cases, uncontrolled concurrency can amplify the impact of DoS attacks. Limiting concurrency mitigates this amplification effect.

  • Impact:

    • Resource Exhaustion due to Excessive Concurrency: Medium Risk Reduction: Prevents resource exhaustion and improves server stability under high load by directly controlling concurrency within fasthttp.
    • DoS Amplification: Low Risk Reduction: Minimally reduces DoS amplification potential.

  • Currently Implemented: Yes - Concurrency is set in server/server.go.

  • Missing Implementation: The Concurrency value is statically configured. Consider making it dynamically adjustable based on server load or environment variables. More detailed monitoring of concurrency levels and their impact on performance is not fully implemented.

Mitigation Strategy: Limit Header Size using fasthttp.Server's MaxRequestHeaderSize

Mitigation Strategy: Limit Header Size using fasthttp.Server's MaxRequestHeaderSize

  • Description:

    • Step 1: Configure MaxRequestHeaderSize: Set the MaxRequestHeaderSize option in the fasthttp.Server configuration. This option limits the maximum total size of all request headers combined.
    • Step 2: Choose an Appropriate Value: Select a MaxRequestHeaderSize value that is large enough to accommodate legitimate headers but small enough to prevent abuse and resource exhaustion from excessively large headers. A typical value is 4KB or 8KB.
    • Step 3: Monitor Request Rejection Rate: Monitor the rate of requests rejected due to exceeding MaxRequestHeaderSize. Adjust the value if legitimate requests are being rejected, but maintain a reasonable limit for security.

  • Threats Mitigated:

    • Resource Exhaustion via Large Headers (Low Severity): Prevents attackers from sending requests with excessively large headers that could potentially consume server resources. fasthttp's header size limit directly addresses this.
    • DoS Amplification (Low Severity): Large headers can contribute to DoS amplification. Limiting header size mitigates this to a small extent.

  • Impact:

    • Resource Exhaustion via Large Headers: Low Risk Reduction: Provides a minor defense-in-depth measure against resource exhaustion from oversized headers.
    • DoS Amplification: Low Risk Reduction: Minimally reduces DoS amplification potential related to header size.

  • Currently Implemented: Yes - MaxRequestHeaderSize is configured in server/server.go.

  • Missing Implementation: Review and potentially adjust MaxRequestHeaderSize based on application needs and performance testing. Consider making this value configurable. Monitoring of requests rejected due to header size limits is not explicitly implemented.