From 37b67643e885b21a3259bb7ce51ebc0fb903cea2 Mon Sep 17 00:00:00 2001
From: Hector
Date: Wed, 21 Jun 2023 11:09:39 +0000
Subject: [PATCH] fix: set http server timeouts (!91)

* Set timeout values when configuring the HTTP server to mitigate "Slowloris" vulnerability https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/merge_requests/91
---
 server/server.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index 18f2b9f..315846e 100644
--- a/server/server.go
+++ b/server/server.go
@@ -3,6 +3,7 @@ package server
 import (
 "log"
 "net/http"
+ "time"

 "gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/cfg"
 "gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/collector/textfile"
@@ -26,7 +27,14 @@ func StartServer(

 svrErr := make(chan error)
 go func() {
- svrErr <- http.ListenAndServe(appSettings.MetricsAddress, nil)
+ httpServer := &http.Server{
+ Addr: appSettings.MetricsAddress,
+ ReadHeaderTimeout: 10 * time.Second,
+ ReadTimeout: 10 * time.Second,
+ WriteTimeout: 10 * time.Second,
+ IdleTimeout: 30 * time.Second,
+ }
+ svrErr <- httpServer.ListenAndServe()
 }()
 log.Print("ready")
 return svrErr
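Review bot: The `WriteTimeout: 10 * time.Second` in the new `http.Server` literal bounds the whole response, including the time the metrics handler spends collecting, not only a slow client, so a scrape that takes longer than 10 seconds would be cut off and Prometheus would record a failed scrape. The handler is not visible in this hunk, so whether collection can approach that limit needs confirming against the collectors. I would hoist the four durations into named constants and add a comment such as `// WriteTimeout covers handler execution too; keep it above the slowest expected scrape.` Setting `ReadHeaderTimeout` equal to `ReadTimeout` is redundant, since net/http falls back to `ReadTimeout` when the header timeout is zero, though keeping it explicit is harmless. StartServer begins and ends outside the hunk.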