tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: [5.0] Connector default configuration + connection timeout
Date Mon, 28 Jul 2003 15:47:56 GMT
Henri Gomez wrote:

> Remy Maucherat a écrit :
> 
>> Hi,
>>
>> What would be the best connector default configuration ?
>>
>> I switched HTTP/1.1 to be:
>> maxThreads: 100
>> minSpare: 1
>> maxSpare: 10
>> That should be ok for a small/medium site, and bad for a large site. 
>> It should be decent for benchmarking if there's a warmup period. 
>> Should the default config be large site compliant ?
> 
> 
> May be you should mimic the defaults settings of Apache 2.0 :
> 
> 150 Threads, 25 MinSpare, 75 MaxSpare.

Ok, thanks.

I forgot to mention JK 2 in my email ;-) What should be the default 
configuration for that connector (including jk2.properties if any) ?

>> Also, in order to conserve processors for useful tasks when the load 
>> increases (and also twart DoS attacks), I was thinking about 
>> introducing  dynamic scaling for the HTTP connection timeout for 
>> keepalive.
>> The formula would be something like this.
>>
>> ratio = maxThreads / currentBusyThreads;
>>
>> if (ratio between 0 and 0.33) {
>>     normal timeout
>> } else if (ratio between 0.33 and 0.66) {
>>     half timeout
>> } else if (ratio between 0.66 and 1) {
>>     no keepalive (so only one request is processed per connection), 
>> timeout / 4 (or maybe more)
>> }
>>
>> Comments ?
> 
> 
> Protection against DOS attack should also have some glues like :
> 
> - Max clients from the same IP (ie DOS attack from the same host).
> 
> - Max request by minutes or seconds (slow down attackers....)

I don't think those work too well except in very specific cases, as 
pointed out by Ilona.

Remy



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message