
Asymmetric denial of service - Content length - Elixir


Need

Prevent service degradation or outage due to malicious requests with excessively large Content-Length headers


Context

  1. Usage of Elixir for building scalable and fault-tolerant applications
  2. Usage of Plug and Cowboy for HTTP request and response handling
  3. Usage of a server that accepts requests with an unrestricted Content-Length header

Description

Insecure Code Example

defmodule VulnerableApp do
  use Plug.Router

  # No Plug.Parsers (or any other body-reading plug with a :length option)
  # is in the pipeline, so nothing here bounds the size of a request body.
  plug :match
  plug :dispatch

  get "/" do
    send_resp(conn, 200, "Hello, world!")
  end
end

This basic Plug-based Elixir application imposes no limit on the size of incoming request bodies: whatever Content-Length a client declares is accepted as-is, so an attacker can tie up the server with oversized requests and exhaust memory or connection slots.

Steps

  1. Set a maximum limit for the Content-Length of incoming requests.
  2. Consider using a rate limiting mechanism to limit the number of requests from a single source.
  3. Set an absolute timeout for incoming connections.
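The three steps combined in one Plug/Cowboy application, as an added example rather than code from the original page. Module names, the port, and the concrete limits (1 MB body, 100 requests per minute per IP, 5 s / 30 s connection timeouts) are assumptions; plug_cowboy and jason are assumed to be in mix.exs deps. The rate limiter is a hypothetical fixed-window counter in ETS, written for this example.

```elixir
# Added example (not from the original page). HardenedApp.* names, port
# 4000 and all numeric limits are illustrative assumptions.
defmodule HardenedApp.RateLimit.Store do
  # Owns the ETS table so it outlives request processes (a table created
  # inside a request handler is deleted when that process exits).
  use GenServer

  @table :hardened_app_rate_limit

  def start_link(window_ms), do: GenServer.start_link(__MODULE__, window_ms, name: __MODULE__)
  def table, do: @table

  @impl true
  def init(window_ms) do
    :ets.new(@table, [:named_table, :public, :set, write_concurrency: true])
    schedule_sweep(window_ms)
    {:ok, window_ms}
  end

  @impl true
  def handle_info(:sweep, window_ms) do
    # Delete counters belonging to windows older than the previous one.
    stale = div(System.system_time(:millisecond), window_ms) - 1
    :ets.select_delete(@table, [{{{:_, :"$1"}, :_}, [{:<, :"$1", stale}], [true]}])
    schedule_sweep(window_ms)
    {:noreply, window_ms}
  end

  defp schedule_sweep(window_ms), do: Process.send_after(self(), :sweep, window_ms)
end

defmodule HardenedApp.RateLimit do
  # Step 2: fixed-window limiter keyed on client IP; 429 once the window's
  # counter exceeds :limit. Behind a reverse proxy, key on a trusted
  # forwarding header instead of conn.remote_ip.
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: Map.new(opts)

  @impl true
  def call(conn, %{limit: limit, window_ms: window_ms}) do
    key = {conn.remote_ip, div(System.system_time(:millisecond), window_ms)}
    count = :ets.update_counter(HardenedApp.RateLimit.Store.table(), key, {2, 1}, {key, 0})

    if count > limit do
      conn
      |> put_resp_header("retry-after", Integer.to_string(div(window_ms, 1_000)))
      |> send_resp(429, "too many requests")
      |> halt()
    else
      conn
    end
  end
end

defmodule HardenedApp.Router do
  use Plug.Router

  # Step 1: cap the body. Plug.Parsers reads at most :read_length bytes per
  # chunk and raises Plug.Parsers.RequestTooLargeError (sent as 413) once
  # more than :length bytes have arrived, whatever Content-Length claimed.
  # :read_timeout bounds how long each chunk may take to arrive.
  plug Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["*/*"],
    json_decoder: Jason,
    length: 1_000_000,
    read_length: 64_000,
    read_timeout: 15_000

  plug HardenedApp.RateLimit, limit: 100, window_ms: 60_000

  plug :match
  plug :dispatch

  get "/" do
    send_resp(conn, 200, "Hello, world!")
  end
end

defmodule HardenedApp.Application do
  use Application

  @impl true
  def start(_type, _args) do
    children = [
      {HardenedApp.RateLimit.Store, 60_000},
      # Step 3: Cowboy timeouts. request_timeout bounds the wait for a complete
      # request head; idle_timeout closes a connection that sends nothing.
      {Plug.Cowboy,
       scheme: :http,
       plug: HardenedApp.Router,
       options: [port: 4000, protocol_options: [request_timeout: 5_000, idle_timeout: 30_000]]}
    ]

    Supervisor.start_link(children, strategy: :one_for_one, name: HardenedApp.Supervisor)
  end
end
```

Note that the body cap only protects routes whose bodies Plug.Parsers actually reads; with `pass: ["*/*"]`, unrecognised content types are passed through unread, so any handler that calls `Plug.Conn.read_body/2` on them must pass its own `:length` and `:read_timeout`.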

Secure Code Example

defmodule SecureApp do
  use Plug.Router

  # :length is the maximum request body size in bytes (default 8_000_000).
  # Once more than that has been read, Plug.Parsers raises
  # Plug.Parsers.RequestTooLargeError, which Plug renders as HTTP 413.
  # Poison must be listed in mix.exs deps (Jason is the other common choice).
  plug Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["*/*"],
    json_decoder: Poison,
    length: 1_000_000

  plug :match
  plug :dispatch

  get "/" do
    send_resp(conn, 200, "Hello, world!")
  end
end

This Elixir application limits the maximum request body size through the `:length` option of Plug.Parsers, mitigating the DoS vulnerability: the body is read in chunks and rejected as soon as it exceeds the limit, regardless of the Content-Length the client declared. The limit applies only to bodies Plug.Parsers parses; because `pass: ["*/*"]` lets other content types through unread, any handler that reads such a body itself must pass its own `:length` to `Plug.Conn.read_body/2`. Connection timeouts and rate limiting are configured on Plug.Cowboy and in a separate plug, not in Plug.Parsers.


References

  • 057 - Asymmetric denial of service - Content length

  • Last updated

    2023/09/18