I was reading about some different types of DoS attacks and found a story about how one computer was able to issue a few hundred requests that were artificially prolonged which would essentially DoS servers. This is known as a
slowloris attack and can be applied to many protocols.
Naturally I wanted to ensure I was safe and I went googling about slowloris and go. However there are sadly very few things that came up having to do with go. Notably there was an
issue from 2011 which appears to have been fixed. Theres also a couple of old posts in the golang mailing list if you search for slow loris but nothing recent and they don't really confirm how or if you can fix this(besides putting something like nginx in front of your server).
So does anyone know if this really has been fixed, and if so how can I configure the proper read timeouts or if I even have too/should configure them. I've found the
http server has read/write timeout fields but most of the slowloris related content I found mention Idle read/write timeouts being how this is exploited. Anyways any clarification or help would be greatly appreciated, and at the very least maybe I popped this issue into your mind as like I said before this attack can be incorporated into many other protocols but I was wondering about http.