[dang]

Related. Others?

HAProxy is not affected by the HTTP/2 Rapid Reset Attack - https://news.ycombinator.com/item?id=37837043 - Oct 2023 (31 comments)

The largest DDoS attack to date, peaking above 398M rps - https://news.ycombinator.com/item?id=37831062 - Oct 2023 (461 comments)

HTTP/2 Rapid Reset: deconstructing the record-breaking attack - https://news.ycombinator.com/item?id=37831004 - Oct 2023 (22 comments)

HTTP/2 zero-day vulnerability results in record-breaking DDoS attacks - https://news.ycombinator.com/item?id=37830998 - Oct 2023 (69 comments)

The novel HTTP/2 'Rapid Reset' DDoS attack - https://news.ycombinator.com/item?id=37830987 - Oct 2023 (103 comments)

[jchw]

I don't know if a post to HN has been made (don't think so), but Envoy released 1.27.1 in response to Rapid Reset as well.

https://www.envoyproxy.io/docs/envoy/v1.27.1/version_history...

[msmith]

Also Go's HTTP/2 packages - https://news.ycombinator.com/item?id=37863419

[tialaramex]

It's been interesting to see who is affected and who isn't and their rationale.

[nomaxx117]

I posted another one the other day which didn't get any traction but probably goes in the list: https://news.ycombinator.com/item?id=37835295

[rewmie]

Thanks for the helpful summary. It does wonder to provide context to such an important topic.