add filter_private_ips option to discard private IPs.

Might be used when tracker is behind reverse proxy and one of provided addresses in `real_ip_header` is private/local address. Additional changes: * check if provided address is not multicast/broadcast * configure `http.Server.ReadHeaderTimeout` with `http.ReadTimeout` to mitigate Slowloris * update dependencies * minor docs fixes
2026-04-30 09:30:00 -07:00 · 2022-07-23 15:30:12 +03:00
parent 3e36ad7cbf
commit 96653c45a3
13 changed files with 125 additions and 63 deletions
--- a/pkg/metrics/server.go
+++ b/pkg/metrics/server.go
@@ -9,6 +9,7 @@ import (
 	"net/http/pprof"
 	"net/netip"
 	"sync/atomic"
+	"time"

 	"github.com/prometheus/client_golang/prometheus/promhttp"

@@ -16,6 +17,11 @@ import (
 	"github.com/sot-tech/mochi/pkg/stop"
 )

+const (
+	readTimeout  = 5 * time.Second
+	writeTimeout = readTimeout * 2
+)
+
 var (
 	logger        = log.NewLogger("metrics")
 	serverCounter = new(int32)
@@ -68,8 +74,11 @@ func NewServer(addr string) *Server {

 	s := &Server{
 		srv: &http.Server{
-			Addr:    addr,
-			Handler: mux,
+			Addr:              addr,
+			Handler:           mux,
+			ReadTimeout:       readTimeout,
+			ReadHeaderTimeout: readTimeout,
+			WriteTimeout:      writeTimeout,
 		},
 	}