From d569096eee1384584ed0d38bd01df92ad44584e5 Mon Sep 17 00:00:00 2001
From: kpacha <kpacha666@gmail.com>
Date: Tue, 1 Oct 2024 15:36:28 +0200
Subject: [PATCH] setup a timeout to avoid slowloris attacks

---
 gin/metrics.go | 5 +++--
 mux/metrics.go | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/gin/metrics.go b/gin/metrics.go
index a0ae5a8..0734ec9 100644
--- a/gin/metrics.go
+++ b/gin/metrics.go
@@ -36,8 +36,9 @@ type Metrics struct {
 func (m *Metrics) RunEndpoint(ctx context.Context, e *gin.Engine, l logging.Logger) {
 	logPrefix := "[SERVICE: Stats]"
 	server := &http.Server{
-		Addr:    m.Config.ListenAddr,
-		Handler: e,
+		Addr:              m.Config.ListenAddr,
+		Handler:           e,
+		ReadHeaderTimeout: 3 * time.Second,
 	}
 	go func() {
 		if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
diff --git a/mux/metrics.go b/mux/metrics.go
index 4a46bfb..1a89f62 100644
--- a/mux/metrics.go
+++ b/mux/metrics.go
@@ -35,8 +35,9 @@ type Metrics struct {
 // RunEndpoint runs the *gin.Engine (that should have the stats endpoint) with the logger
 func (m *Metrics) RunEndpoint(ctx context.Context, s *http.ServeMux, l logging.Logger) {
 	server := &http.Server{
-		Addr:    m.Config.ListenAddr,
-		Handler: s,
+		Addr:              m.Config.ListenAddr,
+		Handler:           s,
+		ReadHeaderTimeout: 3 * time.Second,
 	}
 	go func() {
 		l.Error(server.ListenAndServe())