fix(handler/http2): apply traffic limiter + stats to forward proxy path, decouple auth I/O, add idle timeout
- Wrap non-CONNECT upstream with traffic_wrapper and stats_wrapper (was only on CONNECT path) - Write 503 error response on forwardRequest failure instead of silent connection close - Decouple resp.Header from w.Header() to prevent metadata header leakage/doubling in 407 responses - Return pipeTo signal from authenticate instead of dialing inline (matches http handler pattern) - Add idleTimeout metadata field and pass to xnet.Pipe for CONNECT tunnels - Add 4 tests for probe resistance host forwarding and knock bypass
This commit is contained in:
@@ -20,6 +20,7 @@ type metadata struct {
|
||||
authBasicRealm string
|
||||
observerPeriod time.Duration
|
||||
observerResetTraffic bool
|
||||
idleTimeout time.Duration
|
||||
|
||||
limiterRefreshInterval time.Duration
|
||||
limiterCleanupInterval time.Duration
|
||||
@@ -55,6 +56,8 @@ func (h *http2Handler) parseMetadata(md mdata.Metadata) {
|
||||
}
|
||||
h.md.observerResetTraffic = mdutil.GetBool(md, "observer.resetTraffic")
|
||||
|
||||
h.md.idleTimeout = mdutil.GetDuration(md, "readTimeout", "read.timeout")
|
||||
|
||||
h.md.limiterRefreshInterval = mdutil.GetDuration(md, "limiter.refreshInterval")
|
||||
h.md.limiterCleanupInterval = mdutil.GetDuration(md, "limiter.cleanupInterval")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user