HTTP/2 Continuation Flood: Technical Details

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
HTTP HTTPS HTTP Server Server Applications Elixir

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • bandit

    Bandit is a pure Elixir HTTP server for Plug & WebSock applications (by mtrudel)

    • I'd just mitigated this exact thing in Bandit last month!

    https://github.com/mtrudel/bandit/blob/main/lib/bandit/http2...

    TBH, from an implementors perspective this is a super obvious thing to cover off. It had long been on my radar and was something that I'd always figured other implementations had defended against as well.

  • Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    • I think that recompiling with upgraded Go will not solve the issue. It seems Caddy imports `golang.org/x/net/http2` and pins it to v0.22.0 which is vulnerable: https://github.com/caddyserver/caddy/issues/6219#issuecommen....

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts