HIGH denial of serviceecho go

Denial Of Service in Echo Go

Scan for denial of service in echo go

Echo Go-Specific Remediation

Securing Echo Go applications against DoS attacks requires configuring the framework's built-in protection mechanisms. Echo Go provides several configuration options that, when properly set, prevent the most common DoS vectors.

Connection timeouts are the first line of defense. Echo Go's ReadTimeout and WriteTimeout prevent slowloris attacks by terminating connections that take too long to complete:

func main() {
    e := echo.New()
    
    // Configure timeouts to prevent slowloris
    e.Server.ReadTimeout = 10 * time.Second
    e.Server.WriteTimeout = 10 * time.Second
    e.Server.IdleTimeout = 60 * time.Second
    
    // Body size limits prevent memory exhaustion
    e.MaxBodySize = 10 * 1024 * 1024 // 10MB limit
    e.MaxHeaderSize = 1 * 1024 * 1024 // 1MB limit
    
    // Rate limiting middleware
    e.Use(middleware.RateLimiterWithConfig(middleware.RateLimiterConfig{
        Store: middleware.NewRateLimitMemoryStore(100),
        Config: middleware.RateLimitConfig{
            Limit: 100,
            Identifier: func(ctx echo.Context) string {
                return ctx.RealIP()
            },
        },
    }))
    
    e.GET("/api/data", func(c echo.Context) error {
        return c.JSON(http.StatusOK, map[string]string{"status": "ok"})
    })
    
    e.Start(":8080")
}

Echo Go's middleware ecosystem provides additional DoS protection. The built-in rate limiting middleware prevents request flooding by tracking request counts per client IP:

// Custom rate limiting with Echo middleware
func rateLimitMiddleware(limit int) echo.MiddlewareFunc {
    return middleware.RateLimiterWithConfig(middleware.RateLimiterConfig{
        Store: middleware.NewRateLimitMemoryStore(limit),
        Config: middleware.RateLimitConfig{
            Limit: limit,
            Identifier: func(ctx echo.Context) string {
                return ctx.RealIP()
            },
            Skip: func(ctx echo.Context) error {
                // Skip health checks
                if ctx.Path() == "/health" {
                    return middleware.Skip
                }
                return nil
            },
        },
    })
}

For CPU-intensive operations, Echo Go applications should implement request timeouts at the handler level. This prevents single requests from monopolizing server resources:

func secureHandler(c echo.Context) error {
    // Set context timeout for this specific operation
    ctx, cancel := context.WithTimeout(c.Request().Context(), 5*time.Second)
    defer cancel()
    
    // Wrap expensive operation with timeout
    result, err := processWithTimeout(ctx)
    if err != nil {
        return c.JSON(http.StatusGatewayTimeout, map[string]string{"error": "operation timed out"})
    }
    
    return c.JSON(http.StatusOK, result)
}

func processWithTimeout(ctx context.Context) (interface{}, error) {
    // Simulate expensive operation with timeout
    select {
    case <-time.After(3 * time.Second):
        return map[string]string{"status": "processed"}, nil
    case <-ctx.Done():
        return nil, ctx.Err()
    }
}

Echo Go's context-based cancellation also helps prevent DoS by allowing operations to be cancelled when clients disconnect:

func cancelableHandler(c echo.Context) error {
    // Automatically cancelled if client disconnects
    ctx := c.Request().Context()
    
    // Process with context cancellation
    result, err := processWithCancellation(ctx)
    if err != nil {
        if errors.Is(err, context.Canceled) {
            return c.JSON(http.StatusServiceUnavailable, map[string]string{"error": "connection lost"})
        }
        return err
    }
    
    return c.JSON(http.StatusOK, result)
}

Related CWEs: resourceConsumption

CWE IDNameSeverity
CWE-400Uncontrolled Resource Consumption HIGH
CWE-770Allocation of Resources Without Limits MEDIUM
CWE-799Improper Control of Interaction Frequency MEDIUM
CWE-835Infinite Loop HIGH
CWE-1050Excessive Platform Resource Consumption MEDIUM
Scan for denial of service in echo go Free API security scan

Frequently Asked Questions

How does middleBrick detect DoS vulnerabilities in Echo Go applications?
middleBrick performs black-box scanning that tests your running Echo Go API without requiring source code or credentials. It sends slow requests to detect missing timeout configurations, attempts large file uploads to verify body size limits, and measures response times under load to identify CPU exhaustion patterns. The scanner specifically checks Echo Go's default timeout values (0 seconds) and body size limits (32MB) that are often overlooked but create DoS vulnerabilities.
What's the difference between Echo Go's default timeout settings and secure configurations?
Echo Go's default timeout settings are all zero (0s), meaning connections never time out and can remain open indefinitely. Secure configurations set specific timeouts: ReadTimeout and WriteTimeout (typically 10-30 seconds) prevent slowloris attacks, IdleTimeout (60-300 seconds) manages connection pooling, and MaxBodySize (10-50MB depending on use case) prevents memory exhaustion. These settings transform an open-ended service into one that gracefully handles resource exhaustion attempts.

Related Pages

Denial Of Service in Echo Go on CloudflareExplore DoS in Echo Go behind Cloudflare, understand risks, and apply rate limiting and Cloudflare rules with concrete cDenial Of Service in Echo Go on AzureUnderstand and mitigate Denial of Service in Echo Go on Azure with concrete code fixes, rate limiting, timeouts, and bodDenial Of Service in Echo Go on AwsUnderstand Denial of Service for Echo Go behind AWS and apply concrete Go and AWS configuration fixes with realistic codDenial Of Service in Echo Go on DigitaloceanUnderstand and remediate Denial of Service in Echo Go on Digitalocean with code examples and infrastructure guidance.Pci Dss: Denial Of Service in Echo GoExplore how PCI DSS availability expectations intersect with Echo Go DoS risks, and apply concrete Echo Go fixes with coSoc2: Denial Of Service in Echo GoExplore how Denial Of Service in Echo Go APIs relates to Soc2 availability controls, with concrete remediation code examIso 27001: Denial Of Service in Echo GoExplore DoS risks for Echo Go under ISO 27001, with remediation code examples and guidance on availability controls and Cis: Denial Of Service in Echo GoExplore Cis in Denial Of Service with Echo Go, understand the risks, and apply concrete code fixes to secure your servicDenial Of Service in Echo Go with Bearer TokensUnderstand DoS risks with Bearer Tokens in Echo Go and apply fast validation, rate limiting, and caching fixes with concDenial Of Service in Echo Go with Basic AuthExplore DoS risks in Echo Go with Basic Auth, understand the combined vulnerability, and apply concrete Go middleware fiDenial Of Service in Echo Go with Hmac SignaturesUnderstand DoS risks with HMAC signatures in Echo Go, and apply concrete HMAC verification fixes with size limits and eaDenial Of Service in Echo Go with Api KeysUnderstand DoS risk in Echo Go with API keys and implement per-key rate limits in Go with concrete code examples.