From 7edd40b4f0b55d44fa2f05293098191e06b91ac2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maximilian=20Pa=C3=9F?= <22845248+mpass99@users.noreply.github.com>
Date: Tue, 19 Jul 2022 09:23:11 +0200
Subject: [PATCH] Add Read Header Timeout to prevent a potential Slowloris attack.
---
 cmd/poseidon/main.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/cmd/poseidon/main.go b/cmd/poseidon/main.go
index 3a0a340..b267d28 100644
--- a/cmd/poseidon/main.go
+++ b/cmd/poseidon/main.go
@@ -103,10 +103,14 @@ func initServer() *http.Server {
 runnerManager, environmentManager)
 return &http.Server{
- Addr: config.Config.Server.URL().Host,
- ReadTimeout: time.Second * 15,
- IdleTimeout: time.Second * 60,
- Handler: api.NewRouter(runnerManager, environmentManager),
+ Addr: config.Config.Server.URL().Host,
+ // A WriteTimeout would prohibit long-running requests such as creating an execution environment.
+ // See also https://github.com/openHPI/poseidon/pull/68.
+ // WriteTimeout: time.Second * 15,
+ ReadHeaderTimeout: time.Second * 15,
+ ReadTimeout: time.Second * 15,
+ IdleTimeout: time.Second * 60,
+ Handler: api.NewRouter(runnerManager, environmentManager),
 }
 }
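Review bot: `ReadHeaderTimeout: time.Second * 15` has the same duration as the existing `ReadTimeout`, and net/http already applies `ReadTimeout` to the header phase when `ReadHeaderTimeout` is zero, so the new field makes the intent explicit but does not shorten the time a slow-header client can hold a connection. If the aim is to reduce Slowloris exposure, a header deadline shorter than the body deadline would do that without affecting uploads, for example `ReadHeaderTimeout: time.Second * 5,` (the value is a suggestion; it should fit the slowest legitimate client). Because `WriteTimeout` is deliberately left unset, slow-reading clients are presumably bounded only by something outside this struct, so the comment would be more useful if it named where that limit is enforced (reverse proxy, per-route deadline) instead of keeping the commented-out `// WriteTimeout: time.Second * 15,` line. The start of `initServer` lies outside the hunk, so any other server hardening there is not visible here.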