Re: Possible security issue using request.read()

2015-04-05 Thread Florian Apolloner
Technically we'd set the socket timeout already in the __init__ of LimitedStream, but in the end I think this is better fixed at the load balancer/webserver level, as with any other attack similar/equal to "slowloris". Nothing speaks against docs though… Cheers, Florian

Possible security issue using request.read()

2015-04-05 Thread Andriy Sokolovskiy (coldmind)
(I discussed this issue before with Florian Apolloner in secur...@djangoproject.com, and we decided to open a thread here). Consider a simple view:

    from django.views.generic import View
    from django.http import HttpResponse

    class MyView(View):
        def patch(self, request, *args, **kwargs):
            # reads the entire request body into memory, with no size limit
            request.read()
            return HttpResponse('test')

Next, consider requ