From 3e32bb41f6f0e7f54752a97cdfb8a1bb503c8ac6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 9 Mar 2013 14:57:48 -0400 Subject: [PATCH] webapp: Work around bug in Warp's slowloris attack prevention code, that caused regular browsers to stall when they reuse a connection after leaving it idle for 30 seconds. (See https://github.com/yesodweb/wai/issues/146) --- Utility/WebApp.hs | 7 ++++++- debian/changelog | 4 ++++ doc/bugs/webapp_hang.mdwn | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Utility/WebApp.hs b/Utility/WebApp.hs index c6aae9db5d..0623d4a489 100644 --- a/Utility/WebApp.hs +++ b/Utility/WebApp.hs @@ -56,9 +56,14 @@ browserCommand = "xdg-open" runWebApp :: Wai.Application -> (SockAddr -> IO ()) -> IO () runWebApp app observer = do sock <- localSocket - void $ forkIO $ runSettingsSocket defaultSettings sock app + void $ forkIO $ runSettingsSocket webAppSettings sock app observer =<< getSocketName sock +webAppSettings = defaultSettings + -- disable buggy sloworis attack prevention code + { settingsTimeout = 30 * 60 + } + {- Binds to a local socket, selecting any free port. - - Prefers to bind to the ipv4 address rather than the ipv6 address diff --git a/debian/changelog b/debian/changelog index 3f2907af97..59208eb5b8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -36,6 +36,10 @@ git-annex (4.20130228) UNRELEASED; urgency=low * assistant: Sync with all git remotes on startup. * Switch from using regex-compat to regex-tdfa, as the C regex library is rather buggy. + * webapp: Work around bug in Warp's slowloris attack prevention code, + that caused regular browsers to stall when they reuse a connection + after leaving it idle for 30 seconds. + (See https://github.com/yesodweb/wai/issues/146) -- Joey Hess Wed, 27 Feb 2013 23:20:40 -0400 diff --git a/doc/bugs/webapp_hang.mdwn b/doc/bugs/webapp_hang.mdwn index 0f9af5b288..73fcbbe99b 100644 --- a/doc/bugs/webapp_hang.mdwn +++ b/doc/bugs/webapp_hang.mdwn @@ -32,6 +32,8 @@ Hypotheses: **Verified** Bug filed upstream: + ** workaround in place ** + * Something deep in git-annex, such as the inotidy code, could be preventing a web server thread from running. But then why do other tabs and other web browsers work while it's stuck?