From 8bef297841a92f27d819db93ffa32abd5fd13b1d Mon Sep 17 00:00:00 2001
From: Kyle Sanderson <kyle.leet@gmail.com>
Date: Sun, 21 May 2023 17:27:07 +0300
Subject: [PATCH] fix(http): set ReadHeaderTimeout to mitigate Slowloris (#946)

* fix(http): add header timeout for connections

* fix: add import

---------

Co-authored-by: ze0s <43699394+zze0s@users.noreply.github.com>
---
 internal/http/server.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/internal/http/server.go b/internal/http/server.go
index 3fef0c6..cf744b5 100644
--- a/internal/http/server.go
+++ b/internal/http/server.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"time"
 
 	"github.com/autobrr/autobrr/internal/config"
 	"github.com/autobrr/autobrr/internal/database"
@@ -81,6 +82,7 @@ func (s Server) Open() error {
 
 	server := http.Server{
 		Handler: s.Handler(),
+		ReadHeaderTimeout: time.Second * 15,
 	}
 
 	s.log.Info().Msgf("Starting server. Listening on %s", listener.Addr().String())