Default MaxHeaderSize to 4kb (flashbots#206)

* Set max header byte size

* remove cli flag

cmd/mev-boost/main.go

@@ -28,6 +28,7 @@ var (
 	defaultRelayTimeoutMs     = getEnvInt("RELAY_TIMEOUT_MS", 2000) // timeout for all the requests to the relay
 	defaultRelayCheck         = os.Getenv("RELAY_STARTUP_CHECK") != ""
 	defaultGenesisForkVersion = getEnv("GENESIS_FORK_VERSION", "")
+	maxHeaderBytes            = getEnvInt("MAX_HEADER_BYTES", 4000) // max header byte size for requests for dos prevention
 
 	// cli flags
 	logJSON  = flag.Bool("json", defaultLogJSON, "log in JSON format instead of text")
@@ -102,6 +103,7 @@ func main() {
 		GenesisForkVersionHex: genesisForkVersionHex,
 		RelayRequestTimeout:   relayTimeout,
 		RelayCheck:            *relayCheck,
+		MaxHeaderBytes:        maxHeaderBytes,
 	}
 	server, err := server.NewBoostService(opts)
 	if err != nil {

server/service.go

@@ -43,6 +43,7 @@ type BoostServiceOpts struct {
 	GenesisForkVersionHex string
 	RelayRequestTimeout   time.Duration
 	RelayCheck            bool
+	MaxHeaderBytes        int
 }
 
 // BoostService TODO
@@ -53,6 +54,8 @@ type BoostService struct {
 	srv        *http.Server
 	relayCheck bool
 
+	maxHeaderBytes int
+
 	builderSigningDomain types.Domain
 	httpClient           http.Client
 }
@@ -69,10 +72,11 @@ func NewBoostService(opts BoostServiceOpts) (*BoostService, error) {
 	}
 
 	return &BoostService{
-		listenAddr: opts.ListenAddr,
-		relays:     opts.Relays,
-		log:        opts.Log.WithField("module", "service"),
-		relayCheck: opts.RelayCheck,
+		listenAddr:     opts.ListenAddr,
+		relays:         opts.Relays,
+		log:            opts.Log.WithField("module", "service"),
+		relayCheck:     opts.RelayCheck,
+		maxHeaderBytes: opts.MaxHeaderBytes,
 
 		builderSigningDomain: builderSigningDomain,
 		httpClient: http.Client{
@@ -131,6 +135,7 @@ func (m *BoostService) StartHTTPServer() error {
 		ReadHeaderTimeout: 0,
 		WriteTimeout:      0,
 		IdleTimeout:       0,
+		MaxHeaderBytes:    m.maxHeaderBytes,
 	}
 
 	err := m.srv.ListenAndServe()

server/service_test.go

@@ -2,11 +2,13 @@ package server
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"math"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 	"time"
 
@@ -45,6 +47,7 @@ func newTestBackend(t *testing.T, numRelays int, relayTimeout time.Duration) *te
 		GenesisForkVersionHex: "0x00000000",
 		RelayRequestTimeout:   relayTimeout,
 		RelayCheck:            true,
+		MaxHeaderBytes:        4000,
 	}
 	service, err := NewBoostService(opts)
 	require.NoError(t, err)
@@ -73,7 +76,7 @@ func (be *testBackend) request(t *testing.T, method string, path string, payload
 
 func TestNewBoostServiceErrors(t *testing.T) {
 	t.Run("errors when no relays", func(t *testing.T) {
-		_, err := NewBoostService(BoostServiceOpts{testLog, ":123", []RelayEntry{}, "0x00000000", time.Second, true})
+		_, err := NewBoostService(BoostServiceOpts{testLog, ":123", []RelayEntry{}, "0x00000000", time.Second, true, 4000})
 		require.Error(t, err)
 	})
 }
@@ -115,6 +118,22 @@ func TestWebserverRootHandler(t *testing.T) {
 	require.Equal(t, "{}\n", rr.Body.String())
 }
 
+func TestWebserverMaxHeaderSize(t *testing.T) {
+	backend := newTestBackend(t, 1, time.Second)
+	addr := "localhost:1234"
+	backend.boost.listenAddr = addr
+	go func() {
+		err := backend.boost.StartHTTPServer()
+		require.NoError(t, err)
+	}()
+	time.Sleep(time.Millisecond * 100)
+	path := "http://" + addr + "?" + strings.Repeat("abc", 4000) // path with characters of size over 4kb
+	code, err := SendHTTPRequest(context.Background(), *http.DefaultClient, http.MethodGet, path, nil, nil)
+	require.Error(t, err)
+	require.Equal(t, http.StatusRequestHeaderFieldsTooLarge, code)
+	backend.boost.srv.Close()
+}
+
 // Example good registerValidator payload
 var payloadRegisterValidator = types.SignedValidatorRegistration{
 	Message: &types.RegisterValidatorRequestMessage{