What's new in HTTP 2

Posted Jul 27, 2013 1:51 UTC (Sat) by hasard (guest, #47410)
Parent article: What's new in HTTP 2

What is the defence against servers which do not respect the specification and keep on initiating streams upon receive of a GOAWAY frame?

What's new in HTTP 2

Posted Jul 27, 2013 18:19 UTC (Sat) by mathstuf (subscriber, #69389) [Link]

If they're not following HTTP2, why should you? Send a reset packet and let the user know the server is misbehaving, or collaborate a DoS, or drop the hostname into /etc/hosts as a black hole. The possibilities really are endless :) .

What's new in HTTP 2

Posted Jul 29, 2013 12:55 UTC (Mon) by nye (subscriber, #51576) [Link]

>What is the defence against servers which do not respect the specification and keep on initiating streams upon receive of a GOAWAY frame?

This kind of question doesn't really make sense. How can the specification meaningfully specify the behaviour of things that are operating outside of the specification? When you're talking about a server which doesn't follow required standards and arbitrarily starts sending unrequested data, it makes no difference whether it's an HTTP 2 server with bugs, an HTTP 1.1 server with bugs, somebody trying to ssh into the wrong IP address, or just some random port scanner.

There is no difference between this problem and the more general problem of receiving unwanted TCP connections, and once you've realised that, the solution is obvious: RST, netfilter, filing a formal complaint, legal action, etc. (roughly in order, though in practice of course it's vanishingly uncommon to get past step 2)