Asymmetric denial of service - Content length - Elixir

Asymmetric denial of service - Content length - Elixir

Need

Prevent service degradation or outage due to malicious requests with excessively large Content-Length headers

Context

Usage of Elixir for building scalable and fault-tolerant applications
Usage of Plug and Cowboy for HTTP request and response handling
Usage of server that accepts requests with unrestricted Content-Length header

Description

Non compliant code

        defmodule VulnerableApp do
  use Plug.Router

  plug :match
  plug :dispatch

  get '/' do
    send_resp(conn, 200, 'Hello, world!')
  end
end

This basic Plug-based Elixir application doesn't impose any limits on the Content-Length of incoming requests, making it vulnerable to DoS attacks.

Steps

Set a maximum limit for the Content-Length of incoming requests.
Consider using a rate limiting mechanism to limit the number of requests from a single source.
Set an absolute timeout for incoming connections.

Compliant code

        defmodule SecureApp do
  use Plug.Router

  plug Plug.Parsers, parsers: [:urlencoded, :multipart, :json], pass: ['*/*'], json_decoder: Poison, length: 1_000_000

  plug :match
  plug :dispatch

  get '/' do
    send_resp(conn, 200, 'Hello, world!')
  end
end

This Elixir application uses the Cowboy HTTP server with a configuration that limits the maximum request body size, mitigating the DoS vulnerability.

References

057. Asymmetric denial of service - Content length