[Libwebsockets] force closing http 1.1 or http2 connection from user side

sas spss sas2016spss at gmail.com
Tue Apr 20 21:21:17 CEST 2021


When the server found an invalid authentication header / cookie in a
http1.1 keep alive or http2 connectiion, the server wants to close the TCP
connection right away to prevent file descriptors being used up by this
kind of spam (fake API calls).

According to the libwebsocket doc, I called lws_callback_on_writable ( wsi
) to trigger a writable callback. And then inside of the actual callback,
under "case LWS_CALLBACK_HTTP_WRITEABLE", I return -1 for closing
connection.

In my test with "curl --http1.1 url1 url2 ",  the url1 request has invalid
authentication header which triggers above return -1 in writable callback.
But curl shows url2 still being served with debug message "re-using
existing connection ...".

So it seems the TCP connection is not closed and still being used as
keep-alive connection. Is this the expected behavior ? If yes, what's the
best way to close the connection as quickly as possible so the server can
recycle the file descriptor from many of the un-authenticated requests ?

In another situation, like regular user login error, which server does want
to send a response with http code 401 back to browser before close
connection.  I can't close the connection right after composing the http
response since there are still data (http code 401, etc) in send buffer. I
tried to return -1 in writable callback under  "case
LWS_CALLBACK_HTTP_DROP_PROTOCOL", but that doesn't seem to close the TCP
connect either and still allow the next request in keep-alive connection
being served.

In 2nd situation, what's the best way to schedule closing the TCP
connection after the current HTTP response being sent ?

Thanks a lot,

Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20210420/7f55cfd1/attachment.htm>


More information about the Libwebsockets mailing list