
Security Hardening

Meridian provides defense-in-depth from the language level through the transport level to the application level.

Rust-Level Safety

Properties enforced by the compiler, not by convention:

Guarantee                     Mechanism
No buffer overflows           Bounds-checked array access
No use-after-free             Ownership system, Drop trait
No double-free                Move semantics, single owner
No data races                 Send/Sync traits
No null pointer dereference   Option<T> instead of nullable pointers
No uninitialized memory       All variables initialized before use

These guarantees hold for safe Rust and eliminate entire vulnerability classes that have caused real CVEs in C/C++ proxies. An unsafe block opts out of them locally, so any such block is where an audit of the memory-safety story should concentrate.

Protocol-Level Defenses

Request Smuggling Prevention

HTTP request smuggling exploits a disagreement between the proxy and the backend about where one request ends and the next begins, usually through conflicting Content-Length and Transfer-Encoding headers. Meridian’s strict parser:

  1. Rejects requests with both Content-Length and Transfer-Encoding
  2. Rejects requests with multiple Content-Length values
  3. Rejects Content-Length with whitespace padding
  4. Only accepts chunked as a Transfer-Encoding value

These checks are verified by coverage-guided fuzzing with a dedicated smuggling-detection fuzzer.
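The following is an added example, not Meridian's parser, showing what the four rules look like as a body-framing decision over a raw HTTP/1.1 request. It goes slightly beyond the list above: header names that are not RFC 9110 tokens (for example "Content-Length :" with a space before the colon) are rejected rather than silently treated as an unknown header, and a duplicated Transfer-Encoding line is rejected as well. The convention that exactly one space may follow the colon, and anything else counts as whitespace padding, is an assumption of this example. The sample requests are constructed.

```rust
// Added example (not Meridian's code): strict body-framing decision that
// implements the four smuggling rules, plus a header-name token check.
// Header values are kept as on the wire; one SP after the colon is canonical.

#[derive(Debug, PartialEq)]
pub enum FramingError {
    MalformedHeaderName,
    BothContentLengthAndTransferEncoding,
    MultipleContentLength,
    MalformedContentLength,
    UnsupportedTransferEncoding,
}

#[derive(Debug, PartialEq)]
pub enum Framing {
    ContentLength(u64),
    Chunked,
    NoBody,
}

/// RFC 9110 token characters; a name with anything else (notably whitespace
/// before the colon) is malformed, not "some other header".
fn is_token(s: &str) -> bool {
    !s.is_empty()
        && s.bytes()
            .all(|b| b.is_ascii_alphanumeric() || b"!#$%&'*+-.^_`|~".contains(&b))
}

/// Accept exactly one optional SP after the colon; tabs, double spaces and
/// trailing spaces are treated as padding (assumption of this example).
fn canonical_value(raw: &str) -> Option<&str> {
    let v = raw.strip_prefix(' ').unwrap_or(raw);
    if v.is_empty() || v.bytes().any(|b| b == b' ' || b == b'\t') {
        None
    } else {
        Some(v)
    }
}

/// Split the header block of a raw request into (name, raw value) pairs.
/// The request line is skipped; the first empty line ends the block.
pub fn split_headers(raw: &str) -> Vec<(&str, &str)> {
    raw.split("\r\n")
        .skip(1)
        .take_while(|l| !l.is_empty())
        .map(|l| l.split_once(':').unwrap_or((l, "")))
        .collect()
}

/// Decide how the body is framed, or reject the request outright.
pub fn decide_framing(headers: &[(&str, &str)]) -> Result<Framing, FramingError> {
    if headers.iter().any(|(n, _)| !is_token(n)) {
        return Err(FramingError::MalformedHeaderName);
    }
    let cls: Vec<&str> = headers
        .iter()
        .filter(|(n, _)| n.eq_ignore_ascii_case("content-length"))
        .map(|(_, v)| *v)
        .collect();
    let tes: Vec<&str> = headers
        .iter()
        .filter(|(n, _)| n.eq_ignore_ascii_case("transfer-encoding"))
        .map(|(_, v)| *v)
        .collect();

    // Rule 1: never reconcile the two; the proxy and backend may pick differently.
    if !cls.is_empty() && !tes.is_empty() {
        return Err(FramingError::BothContentLengthAndTransferEncoding);
    }
    // Rule 2: a second Content-Length line is rejected even if it repeats the value.
    if cls.len() > 1 {
        return Err(FramingError::MultipleContentLength);
    }
    // Rule 4: exactly one Transfer-Encoding line whose value is exactly "chunked".
    if !tes.is_empty() {
        let only_chunked = tes.len() == 1
            && canonical_value(tes[0]).map_or(false, |v| v.eq_ignore_ascii_case("chunked"));
        return if only_chunked {
            Ok(Framing::Chunked)
        } else {
            Err(FramingError::UnsupportedTransferEncoding)
        };
    }
    // Rule 3: digits only, so " 5", "5 ", "+5" and "5, 5" are all rejected.
    if let Some(raw) = cls.first() {
        let v = canonical_value(raw).ok_or(FramingError::MalformedContentLength)?;
        if !v.bytes().all(|b| b.is_ascii_digit()) {
            return Err(FramingError::MalformedContentLength);
        }
        let n = v.parse::<u64>().map_err(|_| FramingError::MalformedContentLength)?;
        return Ok(Framing::ContentLength(n));
    }
    Ok(Framing::NoBody)
}

/// Run the framing decision over a raw request.
pub fn check_request(raw: &str) -> Result<Framing, FramingError> {
    decide_framing(&split_headers(raw))
}

fn main() {
    // Constructed sample: the classic CL.TE desync attempt.
    let cl_te = "POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nG";
    println!("{:?}", check_request(cl_te));
}
```

Rejecting outright, rather than applying the RFC 9112 precedence rule (Transfer-Encoding wins), is the safer choice for a proxy: the point is not to pick an interpretation but to refuse any request that two implementations could parse differently.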

Slowloris Defense

Header reading is subject to a 60-second timeout. A client that has not delivered the complete header block within that window is disconnected, so a slow-drip connection cannot hold a slot open indefinitely.

Per-IP Connection Limits

A configurable limit (default 256) on concurrent connections per source IP prevents a single client from exhausting connection resources. Each accepted connection holds its slot through an RAII guard, so the count is decremented when the connection ends on any path, including error paths, rather than relying on explicit cleanup.
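The following is an added example, not Meridian's implementation, of what "RAII guard" means for a per-IP connection limit: the slot is a value whose Drop releases it, so a handler that returns early, propagates an error with `?`, or unwinds cannot leak a slot. The limiter, guard and handler names are this example's own, and the scenario in `burst` is constructed.

```rust
// Added example (not Meridian's code): per-IP connection accounting where the
// slot is an RAII guard, released on every exit path of the handler.
use std::collections::HashMap;
use std::net::IpAddr;
use std::sync::{Arc, Mutex, MutexGuard};

type Counts = Arc<Mutex<HashMap<IpAddr, usize>>>;

/// A panic elsewhere while holding the lock only poisons the mutex; every
/// update below is a single insert/remove, so the map is still consistent.
fn lock(m: &Mutex<HashMap<IpAddr, usize>>) -> MutexGuard<'_, HashMap<IpAddr, usize>> {
    m.lock().unwrap_or_else(|e| e.into_inner())
}

#[derive(Clone)]
pub struct ConnLimiter {
    max_per_ip: usize,
    counts: Counts,
}

/// One reserved slot for `ip`. There is no explicit release call: dropping
/// the guard (normal return, `?`, early return, or unwinding) frees the slot.
pub struct ConnGuard {
    ip: IpAddr,
    counts: Counts,
}

impl ConnLimiter {
    pub fn new(max_per_ip: usize) -> Self {
        ConnLimiter { max_per_ip, counts: Arc::new(Mutex::new(HashMap::new())) }
    }

    /// Reserve a slot, or return `None` so the accept loop can close the
    /// socket before spending anything else on the peer.
    pub fn try_acquire(&self, ip: IpAddr) -> Option<ConnGuard> {
        let mut counts = lock(&self.counts);
        let current = counts.get(&ip).copied().unwrap_or(0);
        if current >= self.max_per_ip {
            return None;
        }
        counts.insert(ip, current + 1);
        Some(ConnGuard { ip, counts: Arc::clone(&self.counts) })
    }

    /// Connections currently held by `ip`.
    pub fn active(&self, ip: IpAddr) -> usize {
        lock(&self.counts).get(&ip).copied().unwrap_or(0)
    }
}

impl Drop for ConnGuard {
    fn drop(&mut self) {
        let mut counts = lock(&self.counts);
        let remaining = counts.get(&self.ip).copied().unwrap_or(1) - 1;
        if remaining == 0 {
            counts.remove(&self.ip); // keep the map from growing with every IP ever seen
        } else {
            counts.insert(self.ip, remaining);
        }
    }
}

/// A handler that rejects early. The guard it owns is dropped on that path
/// too, with no cleanup code at the return site.
pub fn handle_connection(_guard: ConnGuard, request_line: &str) -> Result<(), &'static str> {
    if !request_line.ends_with(" HTTP/1.1") {
        return Err("not HTTP/1.1");
    }
    Ok(())
}

/// Constructed scenario: one source IP opens `attempts` connections at once.
/// Returns the guards that were granted (kept alive by the caller) and the
/// number of attempts refused.
pub fn burst(limiter: &ConnLimiter, ip: IpAddr, attempts: usize) -> (Vec<ConnGuard>, usize) {
    let mut held = Vec::new();
    let mut refused = 0;
    for _ in 0..attempts {
        match limiter.try_acquire(ip) {
            Some(guard) => held.push(guard),
            None => refused += 1,
        }
    }
    (held, refused)
}

fn main() {
    let limiter = ConnLimiter::new(4); // the page's default is 256; 4 keeps the demo short
    let ip: IpAddr = "203.0.113.7".parse().unwrap();
    let (held, refused) = burst(&limiter, ip, 10);
    println!("granted {}, refused {}, active {}", held.len(), refused, limiter.active(ip));
    drop(held);
    println!("after drop: active {}", limiter.active(ip));
}
```

The accounting is keyed by the peer address the proxy actually sees; behind another load balancer or NAT that may be one address for many clients, so the limit should be sized for the deployment rather than left at a value tuned for direct exposure.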

Path Normalization

Request paths are normalized before routing, so a route match cannot be bypassed by an equivalent but differently spelled path:

  • //api//data → /api/data
  • /api/../secret → /secret
  • /api/./data → /api/data
  • /../../etc/passwd → /etc/passwd
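The following is an added example, not Meridian's normalizer, that reproduces the four transformations above and adds the two details a practitioner has to decide on: the query string is carried through untouched, and a trailing slash is preserved (a design choice of this example, since some backends route "/api/" and "/api" differently). `invariants_hold` is the kind of property a fuzz target for a normalizer asserts on arbitrary input. The function names are this example's own.

```rust
// Added example (not Meridian's code): path normalization run before routing,
// plus the invariants a fuzz target for the normalizer would assert.

/// Normalize the path component of a request target: collapse repeated '/',
/// drop '.' segments, resolve '..' against the previous segment, and clamp
/// traversal at the root. The query string is carried through untouched.
/// A trailing '/' is preserved (design choice of this example) because some
/// backends route "/api/" and "/api" differently.
pub fn normalize_path(target: &str) -> String {
    let (path, query) = match target.split_once('?') {
        Some((p, q)) => (p, Some(q)),
        None => (target, None),
    };
    let mut segments: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}                // "//" and "/./" contribute nothing
            ".." => { segments.pop(); }   // popping at the root is a no-op
            s => segments.push(s),
        }
    }
    let mut out = String::with_capacity(target.len() + 1);
    out.push('/');
    out.push_str(&segments.join("/"));
    if path.ends_with('/') && !segments.is_empty() {
        out.push('/');
    }
    if let Some(q) = query {
        out.push('?');
        out.push_str(q);
    }
    out
}

/// The properties a fuzz target feeds arbitrary input through: the result is
/// rooted, has no empty or dot segments, and normalizing again changes nothing.
pub fn invariants_hold(input: &str) -> bool {
    let once = normalize_path(input);
    let path = once.split('?').next().unwrap_or("");
    let segments: Vec<&str> = path.split('/').skip(1).collect();
    path.starts_with('/')
        && !path.contains("//")
        && !segments.iter().any(|s| *s == "." || *s == "..")
        && normalize_path(&once) == once
}

fn main() {
    for p in ["//api//data", "/api/../secret", "/api/./data", "/../../etc/passwd"] {
        println!("{} -> {}", p, normalize_path(p));
    }
}
```

This normalizer does not decode percent-escapes, so "%2e%2e" passes through unchanged. Whether that is safe depends on the upstream: a backend that decodes "%2e" before resolving dots would see a traversal the proxy did not, so the ordering of decoding and normalization has to match the backend's, or encoded dot segments have to be rejected outright.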

Header Size Limits

Headers are limited to 64 KB in size and to 128 headers per request.

Generic Error Responses

Error responses never leak internal topology. Cluster names, endpoint addresses, and circuit breaker state are logged but never sent to clients.

TLS

Meridian uses rustls for TLS termination — a pure-Rust implementation audited by Cure53. See TLS Configuration.

Fuzz Testing

All parser surfaces are continuously fuzz-tested:

  • HTTP/1.1 request parser
  • Chunked transfer-encoding dechunker
  • Body framing decision logic
  • Path normalization
  • Request smuggling detection
  • TOML configuration parser

See Fuzzing for details.