qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Godfrey <rob.j.godf...@gmail.com>
Subject Re: CON-1003: how to resolve this?
Date Mon, 18 May 2015 07:50:57 GMT
Hi Siva,

CON-1003 can be caused in two different ways - 1) If the connection
takes too long to authenticate itself after creation (this prevents
certain types of DoS attack) and 2) If the connection does not receive
any data from the client within a specified timeout (this is a
per-connection negotiated value which helps detect and disconnect
clients which have crashed, or where the underlying network connection
may have failed in some way).

In the first case there will be an additional warning in the log,
looking something like "Connection has taken more than  XXms to
establish identity.  Closing as possible DoS."

If this is the case you can set the timeout to a non default value by
setting the context variable connection.maximumAuthenticationDelay to
a large value (the value is in milliseconds and defaults to 2000 -
i.e. 2 seconds).  Context variables can be set either through the Web
Management UI (see [1] below), or by setting them as a Java system
property (e.g. -Dconnection.maximumAuthenticationDelay=10000)

Hope this helps,
Rob


[1] http://qpid.apache.org/releases/qpid-0.32/java-broker/book/Java-Broker-Management-Channel-Web-Console.html#Java-Broker-Management-Channel-Web-Console-Managing-Entities
(see section 6.2.3.4)

On 18 May 2015 at 07:42, Sivananda Reddys Thummala Abbigari
<sthummala@salesforce.com> wrote:
> Hi,
>
> I am trying to resolve CON-1003. Could you please let me know  how to
> increase the connection timeouts/idle times in qpid?. I am using java
> broker.
>
> Thank you,
> Siva.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message