Make ProxyHeaderTimeout configurable

Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576 ProxyHeaderTimeout must be small to avoid DoS risk Let's make the value configurable and 500ms by default

Make ProxyHeaderTimeout configurable
Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576 ProxyHeaderTimeout must be small to avoid DoS risk Let's make the value configurable and 500ms by default
5b94726b · Igor Drozdov · cbce19da · 5b94726b · 5b94726b · 5b94726b
Commit 5b94726b authored 3 years ago by Igor Drozdov
--- a/config.yml.example
+++ b/config.yml.example
@@ -80,6 +80,8 @@ sshd:
  client_alive_interval: 15
  # The server waits for this time (in seconds) for the ongoing connections to complete before shutting down. Defaults to 10.
  grace_period: 10
+  # A short timeout to decide to abort the connection if the protocol header is not seen within it. Defaults to 500ms
+  proxy_header_timeout: 500ms
  # The endpoint that returns 200 OK if the server is ready to receive incoming connections; otherwise, it returns 503 Service Unavailable. Defaults to "/start".
  readiness_probe: "/start"
  # The endpoint that returns 200 OK if the server is alive. Defaults to "/health".

--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -31,6 +31,7 @@ type ServerConfig struct {
 	ConcurrentSessionsLimit int64        `yaml:"concurrent_sessions_limit,omitempty"`
 	ClientAliveInterval     yamlDuration `yaml:"client_alive_interval,omitempty"`
 	GracePeriod             yamlDuration `yaml:"grace_period"`
+	ProxyHeaderTimeout      yamlDuration `yaml:"proxy_header_timeout"`
 	ReadinessProbe          string       `yaml:"readiness_probe"`
 	LivenessProbe           string       `yaml:"liveness_probe"`
 	HostKeyFiles            []string     `yaml:"host_key_files,omitempty"`
@@ -86,6 +87,7 @@ var (
 		ConcurrentSessionsLimit: 10,
 		GracePeriod:             yamlDuration(10 * time.Second),
 		ClientAliveInterval:     yamlDuration(15 * time.Second),
+		ProxyHeaderTimeout:      yamlDuration(500 * time.Millisecond),
 		ReadinessProbe:          "/start",
 		LivenessProbe:           "/health",
 		HostKeyFiles: []string{

--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -5,9 +5,9 @@ import (
 	"testing"
 	"time"

-	yaml "gopkg.in/yaml.v2"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/stretchr/testify/require"
+	yaml "gopkg.in/yaml.v2"

 	"gitlab.com/gitlab-org/gitlab-shell/client/testserver"
 	"gitlab.com/gitlab-org/gitlab-shell/internal/testhelper"
@@ -67,14 +67,15 @@ func TestNewFromDir(t *testing.T) {
 	cfg, err := NewFromDir(testhelper.TestRoot)
 	require.NoError(t, err)

-	require.Equal(t, 10 * time.Second, time.Duration(cfg.Server.GracePeriod))
-	require.Equal(t, 1 * time.Minute, time.Duration(cfg.Server.ClientAliveInterval))
+	require.Equal(t, 10*time.Second, time.Duration(cfg.Server.GracePeriod))
+	require.Equal(t, 1*time.Minute, time.Duration(cfg.Server.ClientAliveInterval))
+	require.Equal(t, 500*time.Millisecond, time.Duration(cfg.Server.ProxyHeaderTimeout))
 }

 func TestYAMLDuration(t *testing.T) {
-	testCases := []struct{
-		desc string
-		data string
+	testCases := []struct {
+		desc     string
+		data     string
 		duration time.Duration
 	}{
 		{"seconds assumed by default", "duration: 10", 10 * time.Second},

--- a/internal/sshd/sshd.go
+++ b/internal/sshd/sshd.go
@@ -26,7 +26,6 @@ const (
 	StatusReady
 	StatusOnShutdown
 	StatusClosed
-	ProxyHeaderTimeout = 90 * time.Second
 )

 type Server struct {
@@ -97,7 +96,7 @@ func (s *Server) listen(ctx context.Context) error {
 		sshListener = &proxyproto.Listener{
 			Listener:          sshListener,
 			Policy:            s.requirePolicy,
-			ReadHeaderTimeout: ProxyHeaderTimeout,
+			ReadHeaderTimeout: time.Duration(s.Config.Server.ProxyHeaderTimeout),
 		}

 		log.ContextLogger(ctx).Info("Proxy protocol is enabled")

--- a/internal/testhelper/testdata/testroot/config.yml
+++ b/internal/testhelper/testdata/testroot/config.yml
 sshd:
  grace_period: 10
  client_alive_interval: 1m
+  proxy_header_timeout: 500ms