
Replay attack mitigation

Since version 1.4, the payload received using the Capture Library contains the date and time of its creation. The server checks the payload creation time against the current time and, if the two differ by more than the allowable payload lifetime, returns HTTP error 400 with the message "Replay attack detected". The default allowable payload lifetime is 300 seconds.

By default, this check is disabled. Use the IAD_SERVER_REPLAY_ATTACK_CHECKER_ENABLED environment variable to enable it:

docker run --env IAD_SERVER_REPLAY_ATTACK_CHECKER_ENABLED=true ...

Use the IAD_SERVER_REPLAY_ATTACK_TOLERANCE_TIME environment variable to change the allowable payload lifetime. The value is specified in seconds.

docker run --env IAD_SERVER_REPLAY_ATTACK_CHECKER_ENABLED=true --env IAD_SERVER_REPLAY_ATTACK_TOLERANCE_TIME=60 ...
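
The check described above, sketched as an added example that is not the server's own code, to show how the two variables change the outcome when the same payload is presented again. Assumptions: the creation time is an ISO 8601 string, the flag is parsed as the literal `true`, and the names `load_config`, `check_payload` and `replay_outcomes` are hypothetical.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_TOLERANCE_S = 300  # default allowable payload lifetime stated on this page

# Constructed sample values, not captured from a real deployment.
CREATED = "2024-05-01T12:00:00+00:00"
T0 = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)


def load_config(env):
    """Read the two documented variables from a mapping such as os.environ."""
    # Assumption: only the literal "true" (any case) enables the check.
    flag = env.get("IAD_SERVER_REPLAY_ATTACK_CHECKER_ENABLED", "false")
    enabled = flag.strip().lower() == "true"
    tolerance = int(env.get("IAD_SERVER_REPLAY_ATTACK_TOLERANCE_TIME",
                            DEFAULT_TOLERANCE_S))
    if tolerance <= 0:
        raise ValueError("tolerance must be a positive number of seconds")
    return enabled, tolerance


def check_payload(created_iso, now, env):
    """Return (http_status, message) for a payload created at created_iso."""
    enabled, tolerance = load_config(env)
    if not enabled:
        return 200, "OK"  # the check is disabled by default
    created = datetime.fromisoformat(created_iso)
    if created.tzinfo is None:
        # Assumption: a timestamp without an offset is treated as UTC.
        created = created.replace(tzinfo=timezone.utc)
    # "Differs by more than" is an absolute difference, so a client clock
    # running ahead of the server is rejected just like a stale payload.
    if abs((now - created).total_seconds()) > tolerance:
        return 400, "Replay attack detected"
    return 200, "OK"


def replay_outcomes(env, offsets_s=(0, 200, 301)):
    """Status codes when the same payload arrives again after each delay."""
    return [check_payload(CREATED, T0 + timedelta(seconds=s), env)[0]
            for s in offsets_s]


if __name__ == "__main__":
    on = {"IAD_SERVER_REPLAY_ATTACK_CHECKER_ENABLED": "true"}
    print("default 300 s:", replay_outcomes(on))
    print("60 s:", replay_outcomes({**on, "IAD_SERVER_REPLAY_ATTACK_TOLERANCE_TIME": "60"}))
```

With the default of 300 seconds, the payload presented again 200 seconds later still passes this time-only check, while a tolerance of 60 seconds rejects it. Because the comparison is against the server's current time, client and server clocks need to stay synchronised to within the tolerance.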