secure-express-setup
Military-grade one-command security setup for Express.js applications
// lib/slowloris.js
const slowDown = require('express-slow-down');
/**
 * Registers two middlewares on an Express app: a socket idle timeout for
 * every request, and a per-client slow-down once a request budget is used up.
 *
 * Scope of the protection (worth knowing before relying on the name):
 * - The timeout middleware runs only after Express has received and parsed
 *   the request headers, so it cannot bound how long a client takes to send
 *   them. Limiting the header phase has to be done on the http.Server itself
 *   (e.g. `server.headersTimeout` / `server.requestTimeout`), which this
 *   function cannot reach because it is only given `app`.
 * - `setTimeout` on a request/response is an inactivity timeout on the
 *   underlying socket, not a deadline for the whole request.
 * - The slow-down counts requests; it does not limit the number of open
 *   connections per client.
 *
 * @param {object} app - Express application (anything exposing `use`).
 * @returns {void}
 */
function setupSlowloris(app) {
  const IDLE_TIMEOUT_MS = 30000; // 30 seconds
  const WINDOW_MS = 15 * 60 * 1000; // 15 minutes
  const FREE_REQUESTS_PER_WINDOW = 50;
  const DELAY_PER_EXTRA_REQUEST_MS = 500;

  // Idle timeout: request first, then response, then hand over to the next
  // middleware. No 'timeout' listener is attached here.
  app.use((request, response, proceed) => {
    for (const message of [request, response]) {
      message.setTimeout(IDLE_TIMEOUT_MS);
    }
    proceed();
  });

  // Request-rate slow-down. NOTE(review): express-slow-down keys clients by
  // req.ip unless a keyGenerator is given, so behind a reverse proxy Express'
  // `trust proxy` setting must be correct or all clients share one counter;
  // confirm against the deployment.
  const slowDownOptions = {
    windowMs: WINDOW_MS,
    delayAfter: FREE_REQUESTS_PER_WINDOW,
    // Function form of delayMs: every request beyond delayAfter gets the same
    // fixed delay (it does not grow with the number of extra requests).
    delayMs: () => DELAY_PER_EXTRA_REQUEST_MS,
    // Turns off the library's delayMs validation warning.
    validate: { delayMs: false }
  };
  app.use(slowDown(slowDownOptions));
}
// CommonJS export: the setup function itself is the module's export value.
module.exports = setupSlowloris;