Are there *new* security implications of allowing keep-alive? Slowloris DoS comes to mind: https://en.wikipedia.org/wiki/Slowloris_(computer_security)
And the article mentions a number of tools. Older devices are likely somewhat trivially DoS-able without this patch; but maybe include a config option to disable keep-alive? What happens to RAM and CPU usage when there are multiple tabs open with keep-alive on? On Fri, Mar 13, 2020, 8:20 AM Jo-Philipp Wich <j...@mein.io> wrote: > Allow POST requests via persistent connections to improve performance > especially when using HTTPS on older devices. > > After this change, average page load times in LuCI improve significantly > once the TLS connections are initiated. > > When testing an ar71xx 19.07.2 build on an ethernet connected TL-WR1043nd > using luci-ssl-openssl and the ustream-openssl backend, the average page > load time for the main status page decreased to 1.3s compared to 4.7s > before, the interface and wireless configuration pages loaded in 1.2s > seconds each compared to the 4.2s and 4.9s respectively before. > > Signed-off-by: Jo-Philipp Wich <j...@mein.io> > --- > client.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/client.c b/client.c > index 92f7609..2a2393f 100644 > --- a/client.c > +++ b/client.c > @@ -194,8 +194,7 @@ static int client_parse_request(struct client *cl, > char *data) > > req->method = h_method; > req->version = h_version; > - if (req->version < UH_HTTP_VER_1_1 || req->method == > UH_HTTP_MSG_POST || > - !conf.http_keepalive) > + if (req->version < UH_HTTP_VER_1_1 || !conf.http_keepalive) > req->connection_close = true; > > return CLIENT_STATE_HEADER; > -- > 2.25.1 > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel >
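Review bot: In the client_parse_request() hunk, dropping the `req->method == UH_HTTP_MSG_POST` test means a POST no longer sets `req->connection_close`, but neither the hunk nor the commit message says why POST was excluded before or why keeping the connection open is now safe. On a persistent connection, any part of a POST body that the handler leaves unread would be parsed as the start of the next request, so the commit message (or a comment above the `if`) should state that the body is always drained, or that the connection is closed when a handler aborts early. The retained `!conf.http_keepalive` test is the only switch visible here that still forces a close for HTTP/1.1 POST requests, which is worth saying explicitly since the performance numbers in the message do not cover resource use with many idle persistent connections.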